From: Jason Zaman <jason@perfinion.com> To: selinux-refpolicy@vger.kernel.org Cc: Jason Zaman <perfinion@gentoo.org> Subject: [PATCH 09/10] chromium: watch etc dirs Date: Sun, 16 Feb 2020 16:54:21 +0800 Message-ID: <20200216085422.36530-9-jason@perfinion.com> (raw) In-Reply-To: <20200216085422.36530-1-jason@perfinion.com> From: Jason Zaman <perfinion@gentoo.org> avc: denied { watch } for pid=44464 comm="ThreadPoolForeg" path="/etc" dev="zfs" ino=1436 scontext=staff_u:staff_r:chromium_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 --- policy/modules/apps/chromium.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/apps/chromium.te b/policy/modules/apps/chromium.te index 255ef557..0e8cc1e5 100644 --- a/policy/modules/apps/chromium.te +++ b/policy/modules/apps/chromium.te @@ -156,6 +156,7 @@ files_search_home(chromium_t) files_read_usr_files(chromium_t) files_map_usr_files(chromium_t) files_read_etc_files(chromium_t) +files_watch_etc_dirs(chromium_t) # During find for /etc/whatever-release we get lots of output otherwise files_dontaudit_getattr_all_dirs(chromium_t) -- 2.24.1
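Review bot: The new `files_watch_etc_dirs(chromium_t)` line, added directly after `files_read_etc_files(chromium_t)`, is justified only by the pasted AVC denial, and neither the commit message nor the policy says why Chromium needs a watch on /etc. The denial shows permissive=0, so the watch was actually blocked, but nothing states whether Chromium misbehaved as a result. Please add a short comment above the call, in the same way the following `files_dontaudit_getattr_all_dirs(chromium_t)` line is commented, and note in the commit message what breaks without the permission. If nothing breaks, a dontaudit rule would be the narrower choice than an allow.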