colin/passt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

selinux: Switch to a more reasonable model for PID and socket files

Browse Source 
Instead of restricting PID files to /var/run/passt.pid, which is a
single file and unlikely to be used, use the user_tmp_t type which
should cover any reasonable need.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio
2023-02-21 18:03:49 +00:00
parent 4902447630
commit 01801b131f
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
contrib/selinux/passt.fc
View File

@@ -10,4 +10,3 @@
/usr/bin/passt(\.*)? system_u:object_r:passt_exec_t:s0
/tmp/passt\.pcap system_u:object_r:passt_log_t:s0
/var/run/passt\.pid system_u:object_r:passt_pid_t:s0