fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0

Allow login_userdomain map files in /var #2043

Closed zpytela closed 7 months ago

zpytela commented 7 months ago

The commit addresses the following AVC denial:

type=PROCTITLE msg=audit(02/19/2024 16:12:10.631:242) : proctitle=/usr/libexec/DiscoverNotifier
type=MMAP msg=audit(02/19/2024 16:12:10.631:242) : fd=16 flags=MAP_PRIVATE
type=SYSCALL msg=audit(02/19/2024 16:12:10.631:242) : arch=x86_64 syscall=mmap success=no exit=EACCES(Permission denied) a0=0x0 a1=0xc9f9bb a2=PROT_READ a3=MAP_PRIVATE items=0 ppid=1231 pid=1993 auid=user uid=user gid=user euid=user suid=user fsuid=user egid=user sgid=user fsgid=user tty=(none) ses=5 comm=DiscoverNotifie exe=/usr/libexec/DiscoverNotifier subj=user_u:user_r:user_t:s0 key=(null)
type=AVC msg=audit(02/19/2024 16:12:10.631:242) : avc: denied { map } for pid=1993 comm=DiscoverNotifie path=/var/cache/swcatalog/cache/en-US-os-catalog.xb dev="vda3" ino=761212 scontext=user_u:user_r:user_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
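Added example (not part of the pull request or of the selinux-policy project): a small Python parser that pulls the source type, target type, object class and permission out of the AVC record quoted above and builds the raw type-enforcement rule that this single denial corresponds to. The function names are hypothetical, and the resulting rule is only the literal reading of the denial, not the change the pull request makes.

```python
import re

# AVC record copied from the denial quoted in the pull request description.
AVC_RECORD = (
    'type=AVC msg=audit(02/19/2024 16:12:10.631:242) : avc: denied { map } '
    'for pid=1993 comm=DiscoverNotifie '
    'path=/var/cache/swcatalog/cache/en-US-os-catalog.xb dev="vda3" ino=761212 '
    'scontext=user_u:user_r:user_t:s0 tcontext=unconfined_u:object_r:var_t:s0 '
    'tclass=file permissive=0'
)

# "avc: denied { perm ... } for key=value ..." ; values may be double-quoted.
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(record):
    """Return the decision, permission list and key=value fields of one AVC record."""
    m = AVC_RE.search(record)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    return {"decision": m.group(1), "perms": m.group(2).split(), **fields}


def selinux_type(context):
    """Extract the type field from a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]


def raw_allow_rule(avc):
    """Build the literal allow rule for one denial (hypothetical helper)."""
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (
        selinux_type(avc["scontext"]), selinux_type(avc["tcontext"]),
        avc["tclass"], perm_text)


if __name__ == "__main__":
    avc = parse_avc(AVC_RECORD)
    print(avc["comm"], avc["path"], "permissive=" + avc["permissive"])
    print(raw_allow_rule(avc))
```
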