1530937 – git_script_t cannot access git_user_content_t

Bug 1530937 - git_script_t cannot access git_user_content_t

Summary: git_script_t cannot access git_user_content_t

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	27
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-01-04 09:00 UTC by clime
Modified:	2018-01-10 02:06 UTC (History)
CC List:	5 users (show)
Fixed In Version:	selinux-policy-3.13.1-283.21.fc27
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-01-10 02:06:38 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description clime 2018-01-04 09:00:06 UTC

Description of problem:

Hello, we had the following problem with cgit on our copr-dist-git.fedorainfracloud.org machine:

type=AVC msg=audit(1514948803.346:52837): avc:  denied  { map } for  pid=5896 comm="cgit" path="/var/lib/dist-git/git/lantw44/vim-latest/vim.git/objects/pack/pack-701fd2e5e6721ca054b00289f07d3c042f3b4956.idx" dev="vdd1" ino=105809302 scontext=system_u:system_r:git_script_t:s0 tcontext=system_u:object_r:git_user_content_t:s0 tclass=file permissive=0

We needed to make own policy containing: 

allow git_script_t git_user_content_t:file map;

Would it be possible to solve this on distribution level?

Version-Release number of selected component (if applicable):
Name         : selinux-policy-targeted
Version      : 3.13.1
Release      : 283.19.fc27

Name         : selinux-policy
Version      : 3.13.1
Release      : 283.19.fc27

How reproducible:
always

Thank you!

Comment 1 Fedora Update System 2018-01-05 14:45:56 UTC

selinux-policy-3.13.1-283.21.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d8506aba4

Comment 2 Fedora Update System 2018-01-05 14:48:56 UTC

selinux-policy-3.13.1-283.21.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d8506aba4

Comment 3 Fedora Update System 2018-01-06 21:08:33 UTC

selinux-policy-3.13.1-283.21.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d8506aba4

Comment 4 Fedora Update System 2018-01-10 02:06:38 UTC

selinux-policy-3.13.1-283.21.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.