From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1455245692.c5006a58204273dc6a48bf8e6c1087f4c99ed3c6.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Fri, 12 Feb 2016 03:51:43 +0000 (UTC)

commit:     c5006a58204273dc6a48bf8e6c1087f4c99ed3c6
Author:     Laurent Bigonville bigon be>
AuthorDate: Mon Feb 8 23:04:53 2016 +0000
Commit:     Jason Zaman gentoo org>
CommitDate: Fri Feb 12 02:54:52 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c5006a58

dontaudit firewalld attempt to relabel its own config files

firewalld creates a backup of its config files before modifying them by
using the shutil.copy2() Python function. This function tries to copy the
xattr of the source file; this should explain why we see this.

 policy/modules/contrib/firewalld.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/contrib/firewalld.te b/policy/modules/contrib/firewalld.te index 7696395..c1cd252 100644 --- a/policy/modules/contrib/firewalld.te +++ b/policy/modules/contrib/firewalld.te 
@@ -37,6 +37,7 @@ allow firewalld_t self:udp_socket create_socket_perms; manage_dirs_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t) manage_files_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t) +dontaudit firewalld_t firewalld_etc_rw_t:file { relabelfrom relabelto }; allow firewalld_t firewalld_var_log_t:file append_file_perms; allow firewalld_t firewalld_var_log_t:file create_file_perms;
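
Review bot: the added dontaudit line after manage_files_pattern(...) has no comment in firewalld.te, so the reason for hiding relabelfrom/relabelto on firewalld_etc_rw_t:file is recorded only in the commit message. Consider a one-line "#" comment above the rule that names the shutil.copy2() xattr copy, so the suppression can be revisited if firewalld changes how it makes its backups. The rule is limited to class file and to the two relabel permissions on firewalld's own config type, which keeps it narrow, but it also silences every other relabel attempt by firewalld_t on these files; when investigating firewalld behaviour, rebuild the policy with dontaudit rules disabled (semodule -DB) so those denials show up in the audit log again.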