Allow coreos-installer-generator execute generic programs
The commit addresses the following AVC denial:
Sep 02 13:51:25 localhost kernel: audit: type=1400 audit(1725285083.698:5): avc:  denied  { execute } for  pid=1080 comm="coreos-liveiso-" name="jq" dev="loop1" ino=3815 scontext=system_u:system_r:coreos_liveiso_autologin_generator_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1

Resolves: rhbz#2045531
zpytela committed Nov 19, 2024
1 parent 3e7b1f2 commit cf8f301
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions policy/modules/contrib/coreos_installer.te
Expand Up @@ -136,6 +136,7 @@ optional_policy(`

kernel_read_proc_files(coreos_liveiso_autologin_generator_t)

corecmd_exec_bin(coreos_liveiso_autologin_generator_t)
corecmd_exec_shell(coreos_liveiso_autologin_generator_t)
dev_write_kmsg(coreos_liveiso_autologin_generator_t)
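
Review bot: corecmd_exec_bin(coreos_liveiso_autologin_generator_t) lets the generator execute every bin_t file in its own domain, while the AVC quoted in the commit message shows only one program, name="jq", being run by comm="coreos-liveiso-". Please add a comment above the rule in coreos_installer.te saying that it is there for the generator's jq call, so the reason for the broad grant is recorded next to it. The denial was also logged with permissive=1, so it is worth re-running the generator in enforcing mode to confirm that no further denials follow once jq runs under coreos_liveiso_autologin_generator_t. On a style point, the commit subject names coreos-installer-generator but the rule targets coreos_liveiso_autologin_generator_t; using the domain name in the subject would make the change easier to find later.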
