1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
From 84c69d220ffdd039b88a34f9afc127274a985541 Mon Sep 17 00:00:00 2001
From: Roy Li <rongqing.li@windriver.com>
Date: Sat, 22 Feb 2014 13:35:38 +0800
Subject: [PATCH] policy/modules/system/setrans: allow setrans to access
/sys/fs/selinux
1. mcstransd failed to boot-up since the below permission is denied
statfs("/sys/fs/selinux", 0x7ffff2b80370) = -1 EACCES (Permission denied)
2. other programs can not connect to /run/setrans/.setrans-unix
avc: denied { connectto } for pid=2055 comm="ls"
path="/run/setrans/.setrans-unix"
scontext=root:sysadm_r:sysadm_t:s0-s15:c0.c1023
tcontext=system_u:system_r:setrans_t:s15:c0.c1023
tclass=unix_stream_socket
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
policy/modules/system/setrans.te | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
index 25aadfc5f..78bd6e2eb 100644
--- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te
@@ -23,9 +23,7 @@ mls_trusted_object(setrans_runtime_t)
type setrans_unit_t;
init_unit_file(setrans_unit_t)
-ifdef(`distro_debian',`
- init_daemon_runtime_file(setrans_runtime_t, dir, "setrans")
-')
+init_daemon_runtime_file(setrans_runtime_t, dir, "setrans")
ifdef(`enable_mcs',`
init_ranged_daemon_domain(setrans_t, setrans_exec_t, s0 - mcs_systemhigh)
--
2.17.1
|