scsi: target: Fix SELinux error when systemd-modules loads the target module - kernel/linux.git

diff options

author	Maurizio Lombardi <mlombard@redhat.com>	2024-02-15 17:39:43 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-05-17 12:56:07 +0300
commit	62b8582d93cb7c9edf791f6436e1f5e9f46dcd14 (patch)
tree	0e41c0a2d45d1391b399cf3f92ff2fcf2111a160 /block
parent	d38ca15be1154c30a60f8ab7a83b7f0c6a4c1208 (diff)
download	linux-62b8582d93cb7c9edf791f6436e1f5e9f46dcd14.tar.xz

scsi: target: Fix SELinux error when systemd-modules loads the target module

[ Upstream commit 97a54ef596c3fd24ec2b227ba8aaf2cf5415e779 ] If the systemd-modules service loads the target module, the credentials of that userspace process will be used to validate the access to the target db directory. SELinux will prevent it, reporting an error like the following: kernel: audit: type=1400 audit(1676301082.205:4): avc: denied { read } for pid=1020 comm="systemd-modules" name="target" dev="dm-3" ino=4657583 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:targetd_etc_rw_t:s0 tclass=dir permissive=0 Fix the error by using the kernel credentials to access the db directory Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Link: https://lore.kernel.org/r/20240215143944.847184-2-mlombard@redhat.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'block')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: