[DSE-Dev] Bug#712970: selinux-policy-default: selinux prevents udev to modify /etc/udev/rules.d

Leos Bitto Leos.Bitto at gmail.com
Fri Jun 21 09:56:18 UTC 2013


Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: important

Dear Maintainer,

After I have plugged in a new ethernet card, the selinux policy did not let udev make
modifications to /etc/udev/rules.d/70-persistent-net.rules, which means that this ethernet
card fails to get a consistent interface name when disconnecting and connecting it again.

After I have used audit2allow to create the following module, udev is working as expected:

module udev_rules 1.0;

require {
        type udev_t;
        type udev_rules_t;
        class lnk_file create;
        class dir { write remove_name add_name };
        class file append;
}

#============= udev_t ==============
#!!!! The source type 'udev_t' can write to a 'dir' of the following types:
# var_run_t, etc_runtime_t, udev_var_run_t, device_t, etc_t, tmpfs_t, udev_tbl_t, net_conf_t, root_t

allow udev_t udev_rules_t:dir { write remove_name add_name };
allow udev_t udev_rules_t:file append;
allow udev_t udev_rules_t:lnk_file create;

-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7.1
ii  libselinux1      2.1.9-5
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-9
ii  python           2.7.3-4

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
pn  setools      <none>

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information
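Added example (not part of the bug report or the Debian policy package): a small reviewer for audit2allow output. It parses a type-enforcement module like the one above, which is embedded here as a constructed copy with the same rules, and lists exactly which write-like permissions each allow rule grants, so the scope of a local policy module can be checked before it is loaded with semodule. The permission list in WRITE_LIKE is this example's own choice.

```python
import re

# Constructed copy of the module posted in the bug report (same allow rules).
UDEV_RULES_TE = """\
module udev_rules 1.0;

require {
        type udev_t;
        type udev_rules_t;
        class lnk_file create;
        class dir { write remove_name add_name };
        class file append;
}

allow udev_t udev_rules_t:dir { write remove_name add_name };
allow udev_t udev_rules_t:file append;
allow udev_t udev_rules_t:lnk_file create;
"""

# Permissions that let the source domain change the target object; a reviewer
# wants these listed explicitly before loading an audit2allow-generated module.
WRITE_LIKE = {"write", "append", "create", "add_name", "remove_name",
              "unlink", "rename", "setattr"}

ALLOW_RE = re.compile(r"^\s*allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;", re.M)
MODULE_RE = re.compile(r"^\s*module\s+(\w+)\s+([\d.]+)\s*;", re.M)

def parse_te_module(text):
    """Return (name, version, rules); each rule is (source, target, class, frozenset(perms))."""
    m = MODULE_RE.search(text)
    if m is None:
        raise ValueError("no module declaration found")
    rules = []
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        perm_set = frozenset(perms.strip("{} ").split())  # "{ a b }" or a single perm
        rules.append((src, tgt, cls, perm_set))
    return m.group(1), m.group(2), rules

def write_grants(rules):
    """Return only the rules granting write-like access, reduced to those permissions."""
    flagged = []
    for src, tgt, cls, perms in rules:
        hits = perms & WRITE_LIKE
        if hits:
            flagged.append((src, tgt, cls, hits))
    return flagged

if __name__ == "__main__":
    name, version, rules = parse_te_module(UDEV_RULES_TE)
    print(f"module {name} {version}: {len(rules)} allow rule(s)")
    for src, tgt, cls, hits in write_grants(rules):
        print(f"  {src} may modify {tgt} ({cls}): {' '.join(sorted(hits))}")
```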