Debian SE Linux policy bug

checkmodule -m -o local.mod local.te
semodule_package -o local.pp -m local.mod
semodule -u local.pp

Save the following policy as local.te and then run the above commands to make semodule work correctly and to also allow restorecon to access the console on boot.

module local 1.0;

require {
        class chr_file { read write };
        class fd use;
        type restorecon_t;
        type tmpfs_t;
        type initrc_t;
        type semanage_t;
        role system_r;

allow restorecon_t tmpfs_t:chr_file { read write };
allow semanage_t initrc_t:fd use;

Comments are closed.