tmpfs should not have labeledfs associate permission |
|||
Issue descriptionCurrently in our SELinux rules we have: allow tmpfs labeledfs:filesystem associate; This shouldn't be necessary, but I'm not sure why it was added. Find all the reasons and eliminate them properly.
,
Sep 21
,
Sep 26
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/dcb082eb70c4eef7aede969c91929caced24e379 commit dcb082eb70c4eef7aede969c91929caced24e379 Author: Kenny Root <kroot@google.com> Date: Wed Sep 26 17:32:21 2018 sepolicy: add auditallow for tmpfs association This rule should not be needed, so add an auditallow to figure out why this was added. BUG=chromium:887859 TEST=emerge Change-Id: I941e02772417afe8705c46da9349021accc0732e Reviewed-on: https://chromium-review.googlesource.com/1237737 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Kenny Root <kroot@google.com> Reviewed-by: Qijiang Fan <fqj@google.com> [modify] https://crrev.com/dcb082eb70c4eef7aede969c91929caced24e379/sepolicy/policy/chromeos/file.te
,
Jan 11
This issue has an owner, a component and a priority, but is still listed as untriaged or unconfirmed. By definition, this bug is triaged. Changing status to "assigned". Please reach out to me if you disagree with how I've done this. |
|||
►
Sign in to add a comment |
|||
Comment 1 by kroot@chromium.org
, Sep 21