On Mon, Aug 24, 2020 at 9:46 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> On Wed, Aug 19, 2020 at 11:07 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Currently:
> >
> > #============= sshd_t ==============
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow sshd_t ptmx_t:chr_file ioctl;
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow sshd_t sshd_devpts_t:chr_file ioctl;
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow sshd_t user_devpts_t:chr_file ioctl;
> >
> > #============= user_t ==============
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow user_t devtty_t:chr_file ioctl;
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow user_t user_devpts_t:chr_file ioctl;
> > allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
> > allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
> > allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
> > allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
> > allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
> >
> > Changed:
> >
> > #============= sshd_t ==============
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow sshd_t ptmx_t:chr_file ioctl;
> > allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow sshd_t sshd_devpts_t:chr_file ioctl;
> > allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow sshd_t user_devpts_t:chr_file ioctl;
> > allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
> >
> > #============= user_t ==============
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow user_t devtty_t:chr_file ioctl;
> > allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
> >
> > #!!!! This avc is allowed in the current policy
> > #!!!! This av rule may have been overridden by an extended permission av rule
> > allow user_t user_devpts_t:chr_file ioctl;
> > allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>

Both applied.