bug-guix

bug#66305: Error with recursive git checkout


From: Alexis Simon
Subject: bug#66305: Error with recursive git checkout
Date: Wed, 25 Oct 2023 09:51:37 -0700
User-agent: Mozilla Thunderbird

Ah well, it seems this is due to an SELinux policy error:

--8<---------------cut here---------------start------------->8---
SELinux is preventing git-submodule from execute access on the file /usr/bin/sed.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that git-submodule should be allowed execute access on the sed file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'git-submodule' --raw | audit2allow -M my-gitsubmodule
# semodule -X 300 -i my-gitsubmodule.pp


Additional Information:
Source Context                system_u:system_r:guix_daemon.guix_daemon_t:s0
Target Context                system_u:object_r:bin_t:s0
Target Objects                /usr/bin/sed [ file ]
Source                        git-submodule
Source Path                   git-submodule
Port                          <Unknown>
Host                          xps13
Source RPM Packages
Target RPM Packages           sed-4.8-12.fc38.x86_64
SELinux Policy RPM            selinux-policy-targeted-38.29-1.fc38.noarch
Local Policy RPM
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     xps13
Platform                      Linux xps13 6.5.7-200.fc38.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Wed Oct 11 04:07:58 UTC 2023
                              x86_64
Alert Count                   460
First Seen                    2023-10-24 20:20:26 PDT
Last Seen                     2023-10-25 09:44:31 PDT
Local ID                      fa57086c-6738-4eec-8252-3abb66a9e249

Raw Audit Messages
type=AVC msg=audit(1698252271.150:513): avc: denied { execute } for pid=10644 comm="git-submodule" name="sed" dev="dm-0" ino=261979 scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0


Hash: git-submodule,guix_daemon.guix_daemon_t,bin_t,file,execute
--8<---------------cut here---------------end--------------->8---

But trying to fix it does not seem to have any effect. I've added this to the guix-daemon.cil and re-applied:
--8<---------------cut here---------------start------------->8---
(allow guix_daemon_t
       bin_t
       (file (execute)))
--8<---------------cut here---------------end--------------->8---

Alexis
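
An added example, not part of the original message or of Guix's own policy: a small Python parser for AVC records like the one quoted above. It groups the denied permissions by source type, target type and class and renders them as CIL `allow` rules in the form used in the message. The `block` argument (which assumes the rule is placed inside a CIL block named `guix_daemon`, as the dotted source type suggests) and the second sample record are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First record: the denial quoted in the message above.
# Second record: constructed for illustration, not taken from the report.
SAMPLE = [
    'type=AVC msg=audit(1698252271.150:513): avc: denied { execute } for '
    'pid=10644 comm="git-submodule" name="sed" dev="dm-0" ino=261979 '
    'scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 '
    'tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1698252271.151:514): avc: denied { execute_no_trans } for '
    'pid=10644 comm="git-submodule" path="/usr/bin/sed" dev="dm-0" ino=261979 '
    'scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 '
    'tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_avc(line):
    """Return (source_type, target_type, class, [perms]) or None if not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    return (context_type(m["scon"]), context_type(m["tcon"]),
            m["tclass"], m["perms"].split())

def cil_rules(lines, block=None):
    """Merge denials per (source, target, class) and render CIL allow rules.

    If `block` is given, the rules are assumed to live inside that CIL block,
    so a leading "<block>." namespace is dropped from the source type.
    """
    grouped = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        grouped[rec[:3]].update(rec[3])
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        if block and src.startswith(block + "."):
            src = src[len(block) + 1:]
        rules.append(f"(allow {src} {tgt} ({tclass} ({' '.join(sorted(perms))})))")
    return rules

if __name__ == "__main__":
    print("\n".join(cil_rules(SAMPLE, block="guix_daemon")))
```

Feeding it every AVC record logged for the domain, rather than only the first one, shows the full set of permissions the policy is currently refusing.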




