setroubleshoot-plugins-3.3.15-3
- catchall: Discourage creating custom policy modules Resolves: RHEL-80549
parent 53499765c2
commit b2821260d0
@ -0,0 +1,36 @@
From 8ad7f4c5528fbbc52a3d391c702102c6fe262d83 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Tue, 9 Jun 2026 17:27:36 +0200
Subject: [PATCH] catchall: Discourage creating custom policy modules
Update the plugin text to discourage creating custom policy modules by
explaining the lack of support and potential security implications.
---
src/catchall.py | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/catchall.py b/src/catchall.py
index 052d6d8..7e4a8fa 100644
--- a/src/catchall.py
+++ b/src/catchall.py
@@ -54,9 +54,14 @@ class plugin(Plugin):
return _('If you believe that $SOURCE_BASE_PATH should be allowed $ACCESS access on $TARGET_CLASS labeled $TARGET_TYPE by default.')
return _('If you believe that $SOURCE_BASE_PATH should be allowed $ACCESS access on the $TARGET_BASE_PATH $TARGET_CLASS by default.')
- then_text = _('You should report this as a bug.\nYou can generate a local policy module to allow this access.')
- do_text = _("""Allow this access for now by executing:
-# ausearch -c '$SOURCE' --raw | audit2allow -M my-$MODULE_NAME
+ then_text = _('''
+ You should report this as a bug.\n
+ If you are certain this access is legitimate and not an intrusion attempt, you
+ can generate a local policy module to allow it.
+ Custom policy modules are not supported as they may weaken the system policy and expose the system to security vulnerabilities.
+ ''')
+
+ do_text = _("""# ausearch -c '$SOURCE' --raw | audit2allow -M my-$MODULE_NAME
# semodule -X 300 -i my-$MODULE_NAME.pp""")
def __init__(self):
--
2.53.0
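Review bot: The new then_text literal in src/catchall.py opens with a line break right after the three quotes, and its first sentence ends in an explicit \n followed by a real line break, so the rendered message starts with an empty line and has a doubled break after "You should report this as a bug.". Consider building the string from adjacent single-line literals, or dropping the explicit \n, so the output spacing is deliberate. Since both then_text and do_text are passed through _(), the changed msgids will no longer match existing translations until the catalogs are refreshed; worth confirming that is planned for this release. The caution lives only in then_text, while do_text still offers the unchanged ausearch | audit2allow -M pipeline followed by semodule -X 300 -i; a sentence asking the user to read the generated my-$MODULE_NAME.te before installing it would give the warning a concrete check. Also, do_text no longer has the "Allow this access for now by executing:" lead-in, so please confirm the commands still read clearly where do_text is displayed on its own.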
@ -6,13 +6,14 @@
Summary: Analysis plugins for use with setroubleshoot
Name: setroubleshoot-plugins
Version: 3.3.15
Release: 2%{?dist}
Release: 3%{?dist}
License: GPL-2.0-or-later
URL: https://gitlab.com/setroubleshoot/plugins
Source0: https://gitlab.com/-/project/24478430/uploads/1d856bff1c9fb16a8c6fc877d7fe91ca/setroubleshoot-plugins-3.3.15.tar.gz
# git format-patch -N setroubleshoot-plugins-<version>
# for j in 00*patch; do printf "Patch: %s\n" $j; done
Patch: 0001-Split-multi-command-fix_cmds-into-lists.patch
Patch: 0002-catchall-Discourage-creating-custom-policy-modules.patch
BuildArch: noarch
# gcc is needed only for ./configure
@ -50,6 +51,9 @@ rm -rf %{buildroot}
%{_datadir}/setroubleshoot/plugins
%changelog
* Thu Jun 18 2026 Vit Mojzis <vmojzis@redhat.com> - 3.3.15-3
- catchall: Discourage creating custom policy modules (RHEL-80549)
* Thu May 07 2026 Vit Mojzis <vmojzis@redhat.com> - 3.3.15-2
- Split multi-command fix_cmds into lists (RHEL-155206)