diff options
| author |   Laurent Bigonville <bigon@bigon.be> | 2018-11-11 20:04:21 +0100 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2018-11-18 18:56:47 +0800 |
| commit | 047d9ea6c5adefc531ea42c30f3ecf7fe15cc43e (patch) | |
| tree | 36e5389cb48455fec1ab674518ad40702d5e8b05 | |
| parent | Allow systemd_resolved_t to bind to port 53 and use net_raw (diff) | |
| download | hardened-refpolicy-047d9ea6c5adefc531ea42c30f3ecf7fe15cc43e.tar.gz hardened-refpolicy-047d9ea6c5adefc531ea42c30f3ecf7fe15cc43e.tar.bz2 hardened-refpolicy-047d9ea6c5adefc531ea42c30f3ecf7fe15cc43e.zip | |
Allow iscsid_t to create a netlink_iscsi_socket
----
type=PROCTITLE msg=audit(11/11/18 14:02:09.006:195) : proctitle=/sbin/iscsid
type=SYSCALL msg=audit(11/11/18 14:02:09.006:195) : arch=x86_64 syscall=bind success=yes exit=0 a0=0x6 a1=0x55bfc5837270 a2=0xc a3=0x0 items=0 ppid=1188 pid=1190 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iscsid exe=/usr/sbin/iscsid subj=system_u:system_r:iscsid_t:s0 key=(null)
type=AVC msg=audit(11/11/18 14:02:09.006:195) : avc: denied { bind } for pid=1190 comm=iscsid scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=1
----
type=PROCTITLE msg=audit(11/11/18 14:02:09.006:194) : proctitle=/sbin/iscsid
type=SYSCALL msg=audit(11/11/18 14:02:09.006:194) : arch=x86_64 syscall=socket success=yes exit=6 a0=netlink a1=SOCK_RAW a2=egp a3=0x0 items=0 ppid=1188 pid=1190 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iscsid exe=/usr/sbin/iscsid subj=system_u:system_r:iscsid_t:s0 key=(null)
type=AVC msg=audit(11/11/18 14:02:09.006:194) : avc: denied { create } for pid=1190 comm=iscsid scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=1
Signed-off-by: Jason Zaman <jason@perfinion.com>
| -rw-r--r-- | policy/modules/system/iscsi.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te index 9457ef299..dc5f8f522 100644 --- a/policy/modules/system/iscsi.te +++ b/policy/modules/system/iscsi.te @@ -40,6 +40,7 @@ allow iscsid_t self:fifo_file rw_fifo_file_perms; allow iscsid_t self:unix_stream_socket { accept connectto listen }; allow iscsid_t self:sem create_sem_perms; allow iscsid_t self:shm create_shm_perms; +allow iscsid_t self:netlink_iscsi_socket create_socket_perms; allow iscsid_t self:netlink_socket create_socket_perms; allow iscsid_t self:netlink_kobject_uevent_socket create_socket_perms; allow iscsid_t self:netlink_route_socket nlmsg_write; |