mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-22 01:51:26 +00:00
Code Issues Releases Wiki Activity
ovs/selinux
History
Yi-Hung Wei 8d56db0883 selinux: Add missing permissions for ovs-kmod-ctl. 
On RHEL 8,  a SELinux policy is missing when ovs-kmod-ctl use modprobe
to load kernel modules.  This patch adds the missing permissions based
on /var/log/audit/audit.log

Example log of the AVC violations:
  type=AVC msg=audit(1599075387.136:65): avc:  denied  { read } for
  pid=1472 comm="modprobe" name="modules.alias.bin" dev="dm-0" ino=586629
  scontext=system_u:system_r:openvswitch_load_module_t:s0
  tcontext=system_u:object_r:modules_dep_t:s0 tclass=file permissive=0

  type=AVC msg=audit(1599085253.148:45): avc:  denied  { open } for pid=1355
  comm="modprobe" path="/usr/lib/modules/4.18.0-193.el8.x86_64/modules.dep.bin"
  dev="dm-0" ino=624258 scontext=system_u:system_r:openvswitch_load_module_t:s0
  tcontext=unconfined_u:object_r:modules_dep_t:s0 tclass=file permissive=0

VMWare-BZ: #2633569
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Acked-by: Greg Rose <gvrose8192@gmail.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2020-09-16 00:19:37 +02:00
..
.gitignore
selinux: introduce domain transitioned kmod helper
2018-06-17 19:32:27 -07:00
automake.mk
selinux: introduce domain transitioned kmod helper
2018-06-17 19:32:27 -07:00
openvswitch-custom.fc.in
selinux: introduce domain transitioned kmod helper
2018-06-17 19:32:27 -07:00
openvswitch-custom.te.in
selinux: Add missing permissions for ovs-kmod-ctl.
2020-09-16 00:19:37 +02:00