[DSE-Dev] Bug#1118393: selinux-policy-default: problems in Trixie policy that need an update

Russell Coker russell at coker.com.au
Sun Oct 19 08:02:21 BST 2025


Package: selinux-policy-default
Version: 2:2.20250213-10
Severity: important

Need usbguard policy

Need to allow chromium to stat xattr filesystems, read xkb libs, and give fifo
files to the window manager (to stop it crashing on paste)

Need to allow pulseaudio_client domains (including the $1_wm_t domains) to mmap
the tmpfs files related to pulseaudio (for Chrome mostly)

Need to allow systemd_passwd_agent_t to watch user runtime dirs for systemd
daemon restart

Need to allow dhcpd_t to execute ntpd_exec_t in ntpd_t for dhcp scripts and
start generic units

Need to allow systemd-nspawn to use user terminal devices for directly running
by sysadmin and allow managing mnt_t files


