tor_t: SELinux prevents tor from starting when using ControlSocket feature

nusenu nusenu at openmailbox.org
Thu Apr 16 22:14:06 UTC 2015



Lukas Vrabec:
> Hi, could you reproduce it in permissive mode? (I need all your
> AVCs.) Then I'll add these rules to the tor policy in Fedora and also
> RHEL.

Thanks for fixing this.

AVCs in permissive mode:

type=AVC avc: denied { dac_override } ... capability=1
scontext=system_u:system_r:tor_t:s0
tcontext=system_u:system_r:tor_t:s0 tclass=capability
type=AVC avc: denied { chown } ... capability=0
scontext=system_u:system_r:tor_t:s0
tcontext=system_u:system_r:tor_t:s0 tclass=capability