[DSE-Dev] Bug#757994: selinux-policy-default: Patch
Andreas Florath
andre at flonatel.org
Wed Aug 13 16:43:47 UTC 2014
Package: selinux-policy-default
Version: 2:2.20140421-4
Followup-For: Bug #757994
Hello!
Attached you can find a patch which fixes this problem.
One cause was similar to #756729.
The cause was that it is possible to use a link to /dev/null as a
systemd service file, which is done for x11-common:
root@debselinux01:~# ls -lZ /lib/systemd/system/x11-common.service
lrwxrwxrwx. 1 root root system_u:object_r:systemd_unit_file_t:SystemLow 9 Jul 16 00:52 /lib/systemd/system/x11-common.service -> /dev/null
root@debselinux01:~# ls -lZ /dev/null
crw-rw-rw-. 1 root root system_u:object_r:null_device_t:SystemLow 1, 3 Aug 13 16:57 /dev/null
root@debselinux01:~# dpkg -S /lib/systemd/system/x11-common.service
systemd: /lib/systemd/system/x11-common.service
The patch allows systemd and friends to access the null_device_t.
If it is easier for you, you can also pull the patch from
https://github.com/flonatel/refpolicy-experimental/tree/bugfix/757994-x11-common-fails-to-install
Kind regards
Andre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: selinux-refpolicy-allow-systemd-link-to-dev-null.patch
Type: text/x-diff
Size: 1328 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140813/dc47ca0b/attachment.patch>
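
The situation described in the message above, as an added example that is not part of the original mail or of the attached patch: a shell sketch that lists unit files which are symlinks to /dev/null and prints the SELinux label of the link next to the label of its target. The function names are hypothetical, the sample directory is constructed, and GNU find, readlink and stat are assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): find systemd unit files that are
# symlinks resolving to /dev/null and compare the link's SELinux label with
# the label of the target the service manager ends up accessing.

# Print every symlink directly inside directory $1 that resolves to /dev/null.
find_masked_units() {
    find "$1" -maxdepth 1 -type l 2>/dev/null | sort | while IFS= read -r unit; do
        target=$(readlink -f -- "$unit") || continue
        if [ "$target" = "/dev/null" ]; then
            printf '%s\n' "$unit"
        fi
    done
}

# Print the SELinux context of $1; with "-L" as $2, follow the symlink and
# label the target instead. Prints "unlabeled" when no context is available.
label_of() {
    if [ "$2" = "-L" ]; then
        ctx=$(stat -L -c %C -- "$1" 2>/dev/null) || ctx="unlabeled"
    else
        ctx=$(stat -c %C -- "$1" 2>/dev/null) || ctx="unlabeled"
    fi
    printf '%s\n' "$ctx"
}

# For each unit found, show both labels. On the system in the message these
# would be systemd_unit_file_t (link) and null_device_t (target).
report_masked_units() {
    find_masked_units "$1" | while IFS= read -r unit; do
        printf '%s\n  link:   %s\n  target: %s\n' \
            "$unit" "$(label_of "$unit")" "$(label_of "$unit" -L)"
    done
}

# Constructed sample directory standing in for /lib/systemd/system;
# pass a real directory as the first argument to inspect it instead.
demo_dir=$(mktemp -d)
ln -s /dev/null "$demo_dir/x11-common.service"
printf '[Unit]\nDescription=constructed sample\n' > "$demo_dir/sample.service"
report_masked_units "${1:-$demo_dir}"
rm -rf "$demo_dir"
```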