Please send me a patch to use autopkgtest and I'll include it.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
___
SELinux-devel mailing list
SELinux-devel@alioth-lists.debian.net
severity 1012841 wishlist
thanks
Processing commands for cont...@bugs.debian.org:
> severity 1012841 wishlist
Bug #1012841 [src:refpolicy] refpolicy: add autopkgtest
Severity set to 'wishlist' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1012841:
Processing commands for cont...@bugs.debian.org:
> close 1012686
Bug #1012686 [selinux-policy-default] libsemanage.semanage_pipe_data: Child
process /usr/libexec/selinux/hll/pp failed
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1012686:
type firewalld_tmpfs_t;
files_tmpfs_file(firewalld_tmpfs_t)
fs_tmpfs_filetrans(firewalld_t, firewalld_tmpfs_t, file)
manage_files_pattern(firewalld_t, firewalld_tmpfs_t, firewalld_tmpfs_t)
allow firewalld_t firewalld_tmpfs_t:file { map execute };
allow firewalld_t self:netlink_netfilter_socket {
close 962007
thanks
Below is from a Bullseye system. This was fixed after Buster, so Buster is
still missing this.
# sesearch -A -s openvpn_t -t openvpn_var_run_t -c sock_file
allow openvpn_t openvpn_runtime_t:sock_file { append create getattr ioctl link
lock open read rename setattr unlink
Processing commands for cont...@bugs.debian.org:
> close 962007
Bug #962007 [selinux-policy-default] selinux-policy-default: No SELinux rule
for OpenVPN management socket file
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
962007:
close 960960
thanks
Appears to be fixed in Bullseye and unstable.
Processing commands for cont...@bugs.debian.org:
> close 960960
Bug #960960 [src:refpolicy] Please update paths for upower and udisks2
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
960960:
close 948336
thanks
# sesearch -A -s syslogd_t -t devicekit_disk_t -c process
allow syslogd_t domain:process { getattr signull };
Above is from a buster system showing it to be fixed. The below changelog
indicates that it was fixed before version 2:2.20190201-6.
refpolicy (2:2.20190201-4)
Processing commands for cont...@bugs.debian.org:
> close 948336
Bug #948336 [selinux-policy-default] selinux-policy-default: systemd-journal
cannot access processes with 'signull' (RedHat Bug 1676923).
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need
close 900782
thanks
Works in unstable now.
root@unstable:~# cat /etc/fstab
/dev/vda / ext4 noatime,nodev 0 1
/dev/vdb none swap pri=0 0 0
tmpfs /tmp tmpfs rootcontext=system_u:object_r:tmp_t:s0 0 0
root@unstable:~# df -h /tmp
Processing commands for cont...@bugs.debian.org:
> close 900782
Bug #900782 [selinux-policy-default] selinux-policy-default: Systemd fails to
set context for tmpfs mounts in enforcing mode
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
close 878345
close 888967
close 900186
close 933858
close 959803
close 728950
close 758083
close 860532
close 871704
close 890208
thanks
Lots of things have changed and been fixed.
Processing commands for cont...@bugs.debian.org:
> close 878345
Bug #878345 [selinux-policy-default] avc denied read,open for NetworkManager
Marked Bug as done
> close 888967
Bug #888967 [selinux-policy-default] selinux-policy-default: Default policy
breaks semanage tool
Marked Bug as done
>
Processing commands for cont...@bugs.debian.org:
> close 962842
Bug #962842 [selinux-policy-default] selinux-policy-default: SElinux prevents
apache2 access to the mysql (mariadb) socket
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
962842:
close 962842
thanks
Apache has always been allowed to connect to mysql, usually with a boolean
controlling it.
In this case MariaDB is mislabeled, run "ps axZ|grep maria" and you will see
it's in the wrong context, run "ls -lZ /usr/sbin/mariadbd" and you will
probably find it doesn't have the
Processing commands for cont...@bugs.debian.org:
> close 962238
Bug #962238 [selinux-policy-default] selinux-policy-default: selinux prevents
automounting sshfs
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
962238:
close 962238
thanks
Recent versions of the policy allow this, not sure when it was fixed.