From 8ad7f4c5528fbbc52a3d391c702102c6fe262d83 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Tue, 9 Jun 2026 17:27:36 +0200
Subject: [PATCH] catchall: Discourage creating custom policy modules
Update the plugin text to discourage creating custom policy modules by
explaining the lack of support and potential security implications.
---
src/catchall.py | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
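diff --git a/src/catchall.py b/src/catchall.py
index 052d6d8..7e4a8fa 100644
--- a/src/catchall.py
+++ b/src/catchall.py
@@ -54,9 +54,14 @@ class plugin(Plugin):
 return _('If you believe that $SOURCE_BASE_PATH should be allowed $ACCESS access on $TARGET_CLASS labeled $TARGET_TYPE by default.')
 return _('If you believe that $SOURCE_BASE_PATH should be allowed $ACCESS access on the $TARGET_BASE_PATH $TARGET_CLASS by default.')
 
- then_text = _('You should report this as a bug.\nYou can generate a local policy module to allow this access.')
- do_text = _("""Allow this access for now by executing:
-# ausearch -c '$SOURCE' --raw | audit2allow -M my-$MODULE_NAME
+ then_text = _('''
+ You should report this as a bug.\n
+ If you are certain this access is legitimate and not an intrusion attempt, you
+ can generate a local policy module to allow it.
+ Custom policy modules are not supported as they may weaken the system policy and expose the system to security vulnerabilities.
+ ''')
+
+ do_text = _("""# ausearch -c '$SOURCE' --raw | audit2allow -M my-$MODULE_NAME
 # semodule -X 300 -i my-$MODULE_NAME.pp""")
 
 def __init__(self):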
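Review bot: The new `then_text` asks the user to be certain the access is legitimate, but the command kept in `do_text`, `ausearch -c '$SOURCE' --raw | audit2allow -M my-$MODULE_NAME`, builds the module from every audit record matching that command name rather than only the denial this alert describes, and nothing tells the user to inspect the result before `semodule -X 300 -i` loads it. Consider adding a sentence to `then_text` such as `Review the generated my-$MODULE_NAME.te and remove any rule you do not recognise before installing it.` Separately, the triple-quoted literal begins and ends with a line break and has a real line break right after the `\n` escape, so those breaks (and any indentation inside the literal, which this page does not show reliably) become part of the displayed message and of the string handed to `_()`; adjacent single-quoted strings with explicit `\n`, as the removed line used, would keep the layout deliberate. The `plugin` class body starts before this hunk and `__init__` continues past it.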
--
2.53.0