Package Details: selinux-refpolicy-arch 20231002-1

Git Clone URL: https://aur.archlinux.org/selinux-refpolicy-arch.git (read-only, click to copy)
Package Base: selinux-refpolicy-arch
Description: Modular SELinux reference policy including headers and docs with Arch Linux patches
Upstream URL: https://github.com/SELinuxProject/refpolicy/wiki
Keywords: selinux
Licenses: GPL2
Groups: selinux
Submitter: IooNag
Maintainer: IooNag
Last Packager: IooNag
Votes: 11
Popularity: 0.25
First Submitted: 2016-01-05 18:05 (UTC)
Last Updated: 2023-10-08 11:58 (UTC)

Latest Comments

IooNag commented on 2021-01-31 17:50 (UTC)

@huskiesrock1884 Please report such issues upstream, on https://github.com/SELinuxProject/refpolicy/issues

huskiesrock1884 commented on 2021-01-30 20:06 (UTC) (edited on 2021-01-30 20:40 (UTC) by huskiesrock1884)

After over a year I am still encountering errors in the lockdown subsystem where kmod_t and udev_t forbid the use of tracefs. I've been able to skate without rules allowing confidentiality for these types up until last kernel update, at which point I'm seeing log errors that look like this:

AVC avc: denied {confidentiality} for pid=325 comm=systemd-udevd lockdown reason="use of tracefs" scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=lockdown permissive=0

Could not create tracefs "filter" entry Could not create tracefs "id" entry Could not create tracefs "enable" entry ...

These are showing up practically thousands of times and making it impossible to read the log when it's needed to diagnose problems (after kernel or application panic for instance). Masking tracefs, which one would think prevents it from loading thereby attempts made to use it, doesn't help.

Vhw9w commented on 2019-11-24 05:20 (UTC)

python3 -t -t -E -W error support/sedoctool.py -b policy/booleans.conf -m policy/modules.conf -x doc/policy.xml File "support/sedoctool.py", line 269 if desc.data is not '': ^ SyntaxError: "is not" with a literal. Did you mean "!="? make: *** [Makefile:405: conf.intermediate] Error 1