udev: allow udevadm to retrieve xattrs

Fixes: avc: denied { getattr } for pid=50 comm="udevadm" name="/" dev="vda" ino=2 scontext=system_u:system_r:udevadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=0 avc: denied { getattr } for pid=52 comm="udevadm" name="/" dev="vda" ino=2 scontext=system_u:system_r:udevadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=0 Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Antoine Tenart <antoine.tenart@bootlin.com> 2020-08-31 15:38:13 +0200
committer: Jason Zaman <perfinion@gentoo.org> 2020-10-11 14:00:05 -0700
commit: 326c950e7b3c5e3ab77aff79f16e6440421f47ae (patch)
tree: 35095645713cac574f04f9929f37e3cd758ca8d0
parent: .travis.yml: Point selint at only the policy dir. (diff)
download: hardened-refpolicy-326c950e.tar.gz
hardened-refpolicy-326c950e.tar.bz2
hardened-refpolicy-326c950e.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 49380fb2c..2ef2337e3 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -451,3 +451,5 @@ kernel_read_kernel_sysctls(udevadm_t)
 kernel_read_system_state(udevadm_t)
 
 seutil_read_file_contexts(udevadm_t)
+
+fs_getattr_xattr_fs(udevadm_t)
author	Antoine Tenart <antoine.tenart@bootlin.com>	2020-08-31 15:38:13 +0200
committer	Jason Zaman <perfinion@gentoo.org>	2020-10-11 14:00:05 -0700
commit	326c950e7b3c5e3ab77aff79f16e6440421f47ae (patch)
tree	35095645713cac574f04f9929f37e3cd758ca8d0
parent	.travis.yml: Point selint at only the policy dir. (diff)
download	hardened-refpolicy-326c950e.tar.gz hardened-refpolicy-326c950e.tar.bz2 hardened-refpolicy-326c950e.zip