passt - Plug A Simple Socket Transport

diff options

author	Cathy Hu <cathy.hu@suse.com>	2025-08-05 15:19:26 +0200
committer	Stefano Brivio <sbrivio@redhat.com>	2025-08-05 15:30:59 +0200
commit	309eefd6af5ba20f760b92b6131a9ea7f2e161d4 (patch)
tree	f902787760d547e4f8b59d966027539c7f50e208 /test/lib
parent	a8782865c342eb2682cca292d5bf92b567344351 (diff)
download	passt-309eefd6af5ba20f760b92b6131a9ea7f2e161d4.tar passt-309eefd6af5ba20f760b92b6131a9ea7f2e161d4.tar.gz passt-309eefd6af5ba20f760b92b6131a9ea7f2e161d4.tar.bz2 passt-309eefd6af5ba20f760b92b6131a9ea7f2e161d4.tar.lz passt-309eefd6af5ba20f760b92b6131a9ea7f2e161d4.tar.xz passt-309eefd6af5ba20f760b92b6131a9ea7f2e161d4.tar.zst passt-309eefd6af5ba20f760b92b6131a9ea7f2e161d4.zip

selinux: pasta accesses /etc/resolv.conf2025_08_05.309eefd

pasta accesses /etc/resolv.conf, which needs search permissions in openSUSE since the folder structure for the older sysconfig-netconfig is different than in fedora (which uses systemd-resolved) this replaces the manual allow rules with the sysnet_read_config interface in passt and pasta Adresses: ---- time->Fri Jul 25 15:57:16 2025 type=AVC msg=audit(1753451836.581:16831): avc: denied { search } for pid=44182 comm="pasta" name="netconfig" dev="tmpfs" ino=2449 scontext=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=0 ---- time->Fri Jul 25 15:58:10 2025 type=AVC msg=audit(1753451890.317:17123): avc: denied { search } for pid=45022 comm="pasta" name="netconfig" dev="tmpfs" ino=2449 scontext=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=0 ---- time->Fri Jul 25 16:01:53 2025 type=AVC msg=audit(1753452113.557:17289): avc: denied { search } for pid=45999 comm="pasta" name="netconfig" dev="tmpfs" ino=2449 scontext=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=0 Signed-off-by: Cathy Hu <cathy.hu@suse.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Diffstat (limited to 'test/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: