From: "Kenton Groombridge"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Kenton Groombridge"
Message-ID: <1667398045.bd1a6b7906f6d0d7df6af70e91d8eb11a6fc8c7b.concord@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/admin/fapolicyd.te
X-VCS-Directories: policy/modules/admin/
X-VCS-Committer: concord
X-VCS-Committer-Name: Kenton Groombridge
X-VCS-Revision: bd1a6b7906f6d0d7df6af70e91d8eb11a6fc8c7b
X-VCS-Branch: master
Date: Wed, 2 Nov 2022 14:42:53 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 1411c05d-19d1-440a-94f5-98b62f05de41
X-Archives-Hash: bc8339c5fea1fd2a6328c2ba461e9364

commit: bd1a6b7906f6d0d7df6af70e91d8eb11a6fc8c7b
Author: Dave Sugar gmail com>
AuthorDate: Mon Oct 3 20:54:41 2022 +0000
Commit: Kenton Groombridge gentoo org>
CommitDate: Wed Nov 2 14:07:25 2022 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd1a6b79

fapolicyd: fagenrules chgrp's the compiled.rules

node=localhost type=AVC msg=audit(1664829990.107:8051): avc: denied { chown } for pid=3709 comm="chgrp" capability=0 scontext=toor_u:sysadm_r:fagenrules_t:s0 tcontext=sysadm_u:sysadm_r:fagenrules_t:s0 tclass=capability permissive=0

Signed-off-by: Dave Sugar gmail.com>
Signed-off-by: Kenton Groombridge gentoo.org>

 policy/modules/admin/fapolicyd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/admin/fapolicyd.te b/policy/modules/admin/fapolicyd.te index 9effdb04a..2e716c1aa 100644 --- a/policy/modules/admin/fapolicyd.te +++ b/policy/modules/admin/fapolicyd.te 
@@ -93,7 +93,7 @@ optional_policy(` # fagenrules local policy # -allow fagenrules_t self:capability { fsetid kill }; +allow fagenrules_t self:capability { chown fsetid kill }; allow fagenrules_t self:fifo_file rw_inherited_fifo_file_perms;
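Review bot: The added chown in "allow fagenrules_t self:capability { chown fsetid kill };" has no comment in the policy explaining why it is needed. The only justification is in the commit message: one AVC denial from comm="chgrp" for the compiled.rules file. CAP_CHOWN is a broad capability, so a one-line comment above the rule (for example "# fagenrules runs chgrp on compiled.rules") would keep the reason with the policy and make later least-privilege reviews easier. The capability itself is not scoped to a file, so it is worth confirming that the setattr access fagenrules_t holds elsewhere in this module is limited to the fapolicyd configuration type. That rule is not visible in this hunk.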