diff options
| author |   Yi Zhao <yi.zhao@windriver.com> | 2024-08-11 20:06:45 +0800 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2024-09-21 15:28:29 -0700 |
| commit | ba28793f2d89e4ed0f0bd0a24762b046a3afd643 (patch) | |
| tree | b2460e8ee73428b3f543a201fa1b13ac642b7478 | |
| parent | systemd: set context to systemd_networkd_var_lib_t for /var/lib/systemd/network (diff) | |
| download | hardened-refpolicy-ba28793f2d89e4ed0f0bd0a24762b046a3afd643.tar.gz hardened-refpolicy-ba28793f2d89e4ed0f0bd0a24762b046a3afd643.tar.bz2 hardened-refpolicy-ba28793f2d89e4ed0f0bd0a24762b046a3afd643.zip | |
systemd: allow systemd-networkd to manage sock files under /run/systemd/netif
Fixes:
avc: denied { create } for pid=344 comm="systemd-network"
name="io.systemd.Network" scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:systemd_networkd_runtime_t tclass=sock_file
permissive=1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
| -rw-r--r-- | policy/modules/system/systemd.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 1ac08e7d2..5725d7c76 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -1270,6 +1270,7 @@ allow systemd_networkd_t self:unix_dgram_socket create_socket_perms; manage_dirs_pattern(systemd_networkd_t, systemd_networkd_runtime_t, systemd_networkd_runtime_t) manage_files_pattern(systemd_networkd_t, systemd_networkd_runtime_t, systemd_networkd_runtime_t) manage_lnk_files_pattern(systemd_networkd_t, systemd_networkd_runtime_t, systemd_networkd_runtime_t) +manage_sock_files_pattern(systemd_networkd_t, systemd_networkd_runtime_t, systemd_networkd_runtime_t) init_var_lib_filetrans(systemd_networkd_t, systemd_networkd_var_lib_t, dir) manage_dirs_pattern(systemd_networkd_t, systemd_networkd_var_lib_t, systemd_networkd_var_lib_t) |