Introduce tabrmd_rw_unix_stream_sockets SELinux interface #851
Open
jsegitz wants to merge 1 commit into
ATM there's only tabrmd_create_unix_stream_sockets, but some domains only need to use the socket, not create it.

Signed-off-by: Johannes Segitz <jsegitz@suse.de>
5f3ac0b to 5db3c3f
any updates here?
@williamcroberts Since you merged the last SELinux change: This just adds an additional interface, no chance of breaking anything.
ca-hu added a commit to ca-hu/selinux-policy that referenced this pull request Aug 28, 2025
tpm handling will need some abrmd interfaces. Adding the interface to the main policy, otherwise things will not build.

This includes:
- Copy over tabrmd.if from tpm2-abrmd (dirty hack)
- Add tabrmd_rw_unix_stream_sockets interface tpm2-software/tpm2-abrmd#851
- Add ifndef to tabrmd.if to avoid overwriting issues

Addresses:
time->Fri Jun 13 13:10:41 2025
type=USER_AVC msg=audit(1749813041.073:50): pid=1945 uid=498 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:tabrmd_t:s0 tclass=dbus permissive=1 exe="/usr/bin/dbus-broker" sauid=498 hostname=? addr=? terminal=?'
zpytela pushed a commit to fedora-selinux/selinux-policy that referenced this pull request Sep 3, 2025
tpm handling will need some abrmd interfaces. Adding the interface to the main policy, otherwise things will not build.

This includes:
- Copy over tabrmd.if from tpm2-abrmd (dirty hack)
- Add tabrmd_rw_unix_stream_sockets interface tpm2-software/tpm2-abrmd#851
- Add ifndef to tabrmd.if to avoid overwriting issues

Addresses:
time->Fri Jun 13 13:10:41 2025
type=USER_AVC msg=audit(1749813041.073:50): pid=1945 uid=498 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:tabrmd_t:s0 tclass=dbus permissive=1 exe="/usr/bin/dbus-broker" sauid=498 hostname=? addr=? terminal=?'