Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3573591pxb; Mon, 16 Nov 2020 19:46:57 -0800 (PST) X-Google-Smtp-Source: ABdhPJybYiVTXh3aTD0lFK82t23k2nGruIVxZRWK3f/khmHRvWbsgxh3aVEsd549aMSDA713md5t X-Received: by 2002:a50:9f2e:: with SMTP id b43mr8878221edf.239.1605584817002; Mon, 16 Nov 2020 19:46:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605584816; cv=none; d=google.com; s=arc-20160816; b=jirY2NWtDnrX4ns6ZJRtYeHw5GeoFQFmhkoz3lTsB565uq6fC3/KX5EHAyk4KbPJ0G 4akAI/ZgAw3JydAxNMEwsizx5Tg+g+tuQWzyqfLL3L72qK4OzuH1dscwTn3MeW+t2st/ vD5Ca7P7o6/RCESiZWYAapljzme6Vp86+NKc20Ppljhtnzb7nT0K7HrWkP2yNsZ18NZy /ziBvo8HmGvcm0dSyu3inCSa05tJ6erA+viQgU2qEBBD9ebMm8ONYCBMLUhtNmfGmQWz 8VHrbTGDOSr2IfrW6oNYCmJBLTWRBNXl//kuwLXl3Gwq9JNu+hpyAw3JGqRbeDky1HMd 4YXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=vva8OID6JMc8KWLCk0OiXAJ1T5R+H0NkAnvLu0X5bao=; b=ZE1bKEoGoMmu4py/PjbJIRADOI4s3OCYdRv6vz2ZvEAG16GoEZZ8D7L03nv9MXV2FD OU/th/wO06CM9PLiqjPej85a9sm3nW9JrVuPiA/b3LMxAOmoFVwBmGoDVaoRMaLW5hOP 7eku7UmrM5uEGx7IW5TSnvxfYE1YM64MBDbd95AXgjllOvoHhQHBQdg3gnh+f3qp4uRM GUNVXet851h9y6Y6NOUW6B3GGUTtupKQFYn5cCa7M7ofJAov/t/Vp37Cjt9iq3pNGgw9 fFMMK418vLRSeVBaBilHQmfu2VKxNNirHmm01i5nx0s5KI5FZP6RUrxHApfWqzFPVruR YXYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@perfinion-com.20150623.gappssmtp.com header.s=20150623 header.b=BOSOSbSD; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hh13si13124503ejb.360.2020.11.16.19.46.52; Mon, 16 Nov 2020 19:46:56 -0800 (PST) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@perfinion-com.20150623.gappssmtp.com header.s=20150623 header.b=BOSOSbSD; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726382AbgKQDqn (ORCPT + 17 others); Mon, 16 Nov 2020 22:46:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55706 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725730AbgKQDqn (ORCPT ); Mon, 16 Nov 2020 22:46:43 -0500 Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1A450C0613CF for ; Mon, 16 Nov 2020 19:46:42 -0800 (PST) Received: by mail-pg1-x531.google.com with SMTP id h16so11058444pgb.7 for ; Mon, 16 Nov 2020 19:46:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=perfinion-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vva8OID6JMc8KWLCk0OiXAJ1T5R+H0NkAnvLu0X5bao=; b=BOSOSbSD9t+0NyKp0PeaFdJuLL8EzbK1wp6OcRB+cnoa24DzQkJLeaBfMwxFr3wSRj l2DIZ+HxfTuCZ96Ngm2zc2hDjUVYJ0nRnOppItC+ubAXkWZGW3l65ALF3IUYOYwLhNNa 29Xmwd+mnK3D0s4H4k4fxIMa14ztaQbdpJ30u7+GghGvFHXwFN8Z2W7R3IdpMS1oKpfR RDrhFvNr81hBX6hLtjCHSHmxN34soZvAYM19dRoZRlP1QvFWPLvHrZbbIWlRiudKQdL4 bdWzrfMMIT05sSFsLYzpabP+zhrBf6AqNH+adMTKeP7aCyN3rVpEZ+PFXM70dng4n/3g H6TA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vva8OID6JMc8KWLCk0OiXAJ1T5R+H0NkAnvLu0X5bao=; b=K/cHGEOpqET2zWJS5PhhnJsMZdrOX7VAz6C4NWsm5Zf2Ga7YFmDR+PPcHA3JGEQ9Hs KDlUzLtGaHsETIRgoFu0SZyP7a75E4l00zfLkfo1T3jZfZMw0DSXWwkdIyrY1KKP+0uT Kk5xnMFNmnHIQ4peFatlOgDOZCFYXBeLh9KB+bDAZdVLPP/EWf5Vo/+dFGMnk9YIs8NT 3zAoci6QyGjtKxdNXgm3umAHcsAwqKlK5EdAI81gqu9ryGlpuyNoh42BnlYsuzFh66ck BL1wtv/xzvBtufurzvXnlZNa4fsFE/BTW9QgJG/yzElZn2qUtb43e6+KY58qk8dmE61/ oxHA== X-Gm-Message-State: AOAM532+umqkA5HKFdnNncpplr/23C6fT6KVgQx56bJvBkX0lBYlHDaH VEq3o+kObpyxkkhf5leavnUMAWbP+BDcgjO1 X-Received: by 2002:a05:6a00:225c:b029:18b:d208:a366 with SMTP id i28-20020a056a00225cb029018bd208a366mr16544061pfu.5.1605584801381; Mon, 16 Nov 2020 19:46:41 -0800 (PST) Received: from localhost (115.42.24.136.in-addr.arpa. [136.24.42.115]) by smtp.gmail.com with ESMTPSA id cu1sm1035031pjb.6.2020.11.16.19.46.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 16 Nov 2020 19:46:40 -0800 (PST) From: Jason Zaman To: selinux-refpolicy@vger.kernel.org Cc: Jason Zaman , Jason Zaman Subject: [PATCH 2/8] getty: allow watching file /run/agetty.reload Date: Mon, 16 Nov 2020 19:46:22 -0800 Message-Id: <20201117034628.2461-2-jason@perfinion.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201117034628.2461-1-jason@perfinion.com> References: <20201117034628.2461-1-jason@perfinion.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org From: Jason Zaman avc: denied { watch } for pid=2485 comm="agetty" path="/run/agetty.reload" dev="tmpfs" ino=22050 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:getty_runtime_t:s0 tclass=file permissive=0 Signed-off-by: Jason Zaman Signed-off-by: Jason Zaman --- policy/modules/system/getty.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te index ce9e4dedb..f9514c771 100644 --- a/policy/modules/system/getty.te +++ b/policy/modules/system/getty.te @@ -47,6 +47,7 @@ allow getty_t getty_log_t:file { append_file_perms create_file_perms setattr_fil logging_log_filetrans(getty_t, getty_log_t, file) allow getty_t getty_runtime_t:dir watch; +allow getty_t getty_runtime_t:file watch; manage_files_pattern(getty_t, getty_runtime_t, getty_runtime_t) files_runtime_filetrans(getty_t, getty_runtime_t, file) -- 2.26.2