[Bug 1213721] [SELinux] add SELinux rule for new versions of kdump
https://bugzilla.suse.com/show_bug.cgi?id=1213721 https://bugzilla.suse.com/show_bug.cgi?id=1213721#c2 Jiri Bohac <jbohac@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(jbohac@suse.com) | --- Comment #2 from Jiri Bohac <jbohac@suse.com> --- yes, just read it. See: https://github.com/openSUSE/kdump/blob/master/init/load.sh First, on lines 373 and 374 it is tested that the two files (initrd and kernel) in /var/lib/kdump exist. On line 202 they are passed to kexec. In between that, mkdumprd is called that compares timestamps and possibly regenerates /var/lib/kdump/initrd but that does not seem to be blocked by SELinux. As noted in Comment #0, audit2allow suggested "allow kdump_t kdump_var_lib_t:lnk_file read;" and that works. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com