commit: c5006a58204273dc6a48bf8e6c1087f4c99ed3c6
Author: Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Mon Feb 8 23:04:53 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Feb 12 02:54:52 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c5006a58
dontaudit firewalld attempt to relabel its own config files
firewalld creates a backup of its config files before modifying them by
using the shutil.copy2() Python function. This function tries to copy the
xattr of the source file; this should explain why we see this.
policy/modules/contrib/firewalld.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/firewalld.te
b/policy/modules/contrib/firewalld.te
index 7696395..c1cd252 100644
--- a/policy/modules/contrib/firewalld.te
+++ b/policy/modules/contrib/firewalld.te
@@ -37,6 +37,7 @@ allow firewalld_t self:udp_socket create_socket_perms;
manage_dirs_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)
manage_files_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)
+dontaudit firewalld_t firewalld_etc_rw_t:file { relabelfrom relabelto };
allow firewalld_t firewalld_var_log_t:file append_file_perms;
allow firewalld_t firewalld_var_log_t:file create_file_perms;
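Review bot: the added `dontaudit firewalld_t firewalld_etc_rw_t:file { relabelfrom relabelto };` line has no comment in firewalld.te, so the reason for silencing the denial lives only in the commit message. A one-line comment above the rule, for example `# shutil.copy2() tries to copy the SELinux xattr when backing up config files`, would keep that reason next to the rule for anyone auditing the policy later. The commit message also hedges the cause ("this should explain why we see this"), so it is worth confirming that the relabel attempt really comes from the backup copy before merging, because once the rule is in place any other relabel attempt by firewalld_t on firewalld_etc_rw_t files is dropped from the audit log as well. The rule sits directly under the two manage_*_pattern lines without a separating blank line, which is fine as long as the comment makes clear it is a suppression and not part of the granted access.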