Release v45.4: Update dbus_role_template() with communication over unix dgram socket · fedora-selinux/selinux-policy

v45.4
443befa
Choose a tag to compare

Filter

View all tags

v45.4: Update dbus_role_template() with communication over unix dgram socket

v45.4
443befa
Choose a tag to compare

Filter

View all tags

zpytela tagged this 04 Jun 15:40

The 0x894c op is defined in linux/sockios.h as "get socket network namespace".

The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(4.6.2026 14:35:29.529:2114) : proctitle=lsns
type=SYSCALL msg=audit(4.6.2026 14:35:29.529:2114) : arch=x86_64 syscall=ioctl success=no exit=EPERM(Operace není povolena) a0=0x7 a1=0x894c a2=0x0 a3=0x0 items=0 ppid=39585 pid=321640 auid=username uid=username gid=username euid=username suid=username fsuid=username egid=username sgid=username fsgid=username tty=pts8 ses=3 comm=lsns exe=/usr/bin/lsns subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(4.6.2026 14:35:29.529:2114) : avc:  denied  { ioctl } for  pid=321640 comm=lsns path=socket:[22370] dev="sockfs" ino=22370 ioctlcmd=0x894c scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=1

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!