634568 – missing "map" permissions for tor daemon

Bug 634568 - missing "map" permissions for tor daemon

Summary: missing "map" permissions for tor daemon

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	SELinux (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	SE Linux Bugs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-10-17 19:03 UTC by Amadeusz Sławiński
Modified:	2018-10-03 20:53 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
allow tor to map tor_var_lib_t files (0001-allow-tor-to-map-tor_var_lib_t-files.patch,990 bytes, patch) 2017-10-18 10:33 UTC, Amadeusz Sławiński	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Amadeusz Sławiński 2017-10-17 19:03:16 UTC

[ 5541.991489] audit: type=1400 audit(1508263685.933:1680): avc:  denied  { map } for  pid=4328 comm="tor" path="/var/lib/tor/data/cached-microdescs" dev="dm-0" ino=13632687 scontext=system_u:system_r:tor_t tcontext=system_u:object_r:tor_var_lib_t tclass=file permissive=0

tor itself appears to work, so not sure how important this is

Comment 1 Amadeusz Sławiński 2017-10-17 21:12:44 UTC

Suggested fix:

https://github.com/amade/hardened-refpolicy/commit/c9dabfe984eca095665268db07bc154ca4309ccc

Comment 2 Amadeusz Sławiński 2017-10-18 10:33:17 UTC

Created attachment 499062 [details, diff]
allow tor to map tor_var_lib_t files

and attach patch for history