fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0

Allow wireguard work with firewall-cmd #2042

Closed zpytela closed 4 months ago

zpytela commented 4 months ago

The commit addresses the following AVC denials:

audit[5106]: AVC avc: denied { search } for pid=5106 comm="firewall-cmd" name="pki" dev="sda1" ino=393252 scontext=system_u:system_r:wireguard_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=0
audit[5106]: AVC avc: denied { read } for pid=5106 comm="firewall-cmd" name="possible" dev="sysfs" ino=42 scontext=system_u:system_r:wireguard_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
audit[5106]: AVC avc: denied { read } for pid=5106 comm="firewall-cmd" name="stat" dev="proc" ino=4026532026 scontext=system_u:system_r:wireguard_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
audit[333]: USER_AVC pid=333 uid=81 auid=zzz ses=zzz subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for scontext=system_u:system_r:wireguard_t:s0 tcontext=system_u:system_r:firewalld_t:s0 tclass=dbus permissive=0 exe="/usr/bin/dbus-broker" sauid=81 hostname=? addr=? terminal=?'

Resolves: rhbz#2255572
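
Added example (not part of the pull request or of the selinux-policy project): a small Python parser that reduces the four denials quoted above to source type, target type, object class and permissions, and prints them as raw audit2allow-style `allow` rules so a reviewer can see exactly what access is being requested. The function names are hypothetical, and the raw rules only summarize what was denied; they are not the policy change the commit makes.

```python
import re
from collections import defaultdict

# The four denials quoted in the pull request description above.
DENIALS = """\
audit[5106]: AVC avc: denied { search } for pid=5106 comm="firewall-cmd" name="pki" dev="sda1" ino=393252 scontext=system_u:system_r:wireguard_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=0
audit[5106]: AVC avc: denied { read } for pid=5106 comm="firewall-cmd" name="possible" dev="sysfs" ino=42 scontext=system_u:system_r:wireguard_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
audit[5106]: AVC avc: denied { read } for pid=5106 comm="firewall-cmd" name="stat" dev="proc" ino=4026532026 scontext=system_u:system_r:wireguard_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
audit[333]: USER_AVC pid=333 uid=81 auid=zzz ses=zzz subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for scontext=system_u:system_r:wireguard_t:s0 tcontext=system_u:system_r:firewalld_t:s0 tclass=dbus permissive=0 exe="/usr/bin/dbus-broker" sauid=81 hostname=? addr=? terminal=?'
"""

# Kernel AVC and userspace USER_AVC records share the "avc: denied { ... } for" core.
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denial(line):
    """Return (source_type, target_type, tclass, perms, comm), or None if unparsable."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group(1).split()
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    try:
        # A context is user:role:type:level; type enforcement rules key on the type.
        src = fields["scontext"].split(":")[2]
        tgt = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return src, tgt, tclass, perms, fields.get("comm")


def summarize(log_text):
    """Merge denials per (source, target, class) and render raw allow rules."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_denial(line)
        if parsed:
            src, tgt, tclass, perms, _comm = parsed
            rules[(src, tgt, tclass)].update(perms)
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]


if __name__ == "__main__":
    print("\n".join(summarize(DENIALS)))
```

All four denials share the source type `wireguard_t`, which is the domain the `firewall-cmd` process runs in here, so the access being granted widens what the WireGuard domain itself may do.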