[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/

Mon, 13 Feb 2023 07:35:36 -0800 

commit:     fb931664be3edc23bc7641f910342590f4335e21
Author:     Corentin LABBE <clabbe.montjoie <AT> gmail <DOT> com>
AuthorDate: Tue Jan  3 08:22:11 2023 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Mon Feb 13 15:19:30 2023 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=fb931664

mcelog: add missing file context for triggers

I got the following AVC:
allow mcelog_t mcelog_etc_t:file execute;

This is due do some trigger, not being set as bin_t
-rwxr-xr-x. 1 root root system_u:object_r:bin_t         801 nov.   1 19:11 
bus-error-trigger
-rwxr-xr-x. 1 root root system_u:object_r:bin_t        1035 nov.   1 19:11 
cache-error-trigger
-rwxr-xr-x. 1 root root system_u:object_r:bin_t        1213 nov.   1 19:11 
dimm-error-trigger
-rwxr-xr-x. 1 root root system_u:object_r:bin_t         742 nov.   1 19:11 
iomca-error-trigger
-rw-r-----. 1 root root system_u:object_r:mcelog_etc_t 7415 nov.   1 19:11 
mcelog.conf
-rwxr-xr-x. 1 root root system_u:object_r:mcelog_etc_t 1209 nov.   1 19:11 
page-error-counter-replacement-trigger
-rwxr-xr-x. 1 root root system_u:object_r:mcelog_etc_t 1656 nov.   1 19:11 
page-error-post-sync-soft-trigger
-rwxr-xr-x. 1 root root system_u:object_r:mcelog_etc_t 1640 nov.   1 19:11 
page-error-pre-sync-soft-trigger
-rwxr-xr-x. 1 root root system_u:object_r:bin_t        1308 nov.   1 19:11 
page-error-trigger
-rwxr-xr-x. 1 root root system_u:object_r:bin_t        1057 nov.   1 19:11 
socket-memory-error-trigger
-rwxr-xr-x. 1 root root system_u:object_r:bin_t         947 nov.   1 19:11 
unknown-error-trigger

Signed-off-by: Corentin LABBE <clabbe.montjoie <AT> gmail.com>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

 policy/modules/kernel/corecommands.fc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/kernel/corecommands.fc 
b/policy/modules/kernel/corecommands.fc
index 550f87047..1c3ce84e0 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -54,7 +54,7 @@ ifdef(`distro_redhat',`
 
 /etc/mail/make                 --      gen_context(system_u:object_r:bin_t,s0)
 
-/etc/mcelog/.*-error-trigger   --      gen_context(system_u:object_r:bin_t,s0)
+/etc/mcelog/.*-trigger         --      gen_context(system_u:object_r:bin_t,s0)
 /etc/mcelog/.*\.local          --      gen_context(system_u:object_r:bin_t,s0)
 
 ifdef(`distro_redhat',`

Reply via email to