mirror of
git://git.yoctoproject.org/meta-selinux
synced 2026-01-01 13:58:04 +00:00
3f850b745c
Fix AVC denied error when booting:
type=AVC msg=audit(1548055920.478:86): avc: denied { execute } for
pid=366 comm="audispd" path="/lib/ld-2.28.so" dev="vda" ino=7545
scontext=system_u:system_r:audisp_t:s15:c0.c1023
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
type=AVC msg=audit(1548055920.478:87): avc: denied { open } for
pid=366 comm="audispd" path="/lib/libc-2.28.so" dev="vda" ino=7558
scontext=system_u:system_r:audisp_t:s15:c0.c1023
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
When using "+=" for IMAGE_PREPROCESS_COMMAND, the selinux_set_labels
process would run before prelink process to set the security labels for
the files. But the label for /lib/libc-2.28.so and /lib/ld-2.28.so would
be changed after run prelink process. Use "_append" to make sure the
selinux_set_labels process run after prelink process.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
||
|---|---|---|
| .. | ||
| enable-audit.bbclass | ||
| enable-selinux.bbclass | ||
| meson-selinux.bbclass | ||
| selinux-image.bbclass | ||
| selinux.bbclass | ||
| with-audit.bbclass | ||
| with-selinux.bbclass | ||