authorAntoine Tenart <antoine.tenart@bootlin.com>2020-08-13 11:36:54 +0200
committerJason Zaman <perfinion@gentoo.org>2020-10-11 14:00:05 -0700
commitb448dc10ff3432e236a94f80ba0c6d924e753953 (patch)
tree275bcf55533d73d4ff2a11e3e6999dbca2df34cd
parentlogging: allow systemd-journal to write messages to the audit socket (diff)
sysnetwork: allow to read network configuration files
Fixes: avc: denied { getattr } for pid=55 comm="systemd-udevd" path="/etc/systemd/network" dev="vda" ino=128 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { getattr } for pid=55 comm="systemd-udevd" path="/etc/systemd/network" dev="vda" ino=128 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { read } for pid=55 comm="systemd-udevd" name="network" dev="vda" ino=128 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { read } for pid=55 comm="systemd-udevd" name="network" dev="vda" ino=128 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { open } for pid=55 comm="systemd-udevd" path="/etc/systemd/network" dev="vda" ino=128 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { open } for pid=55 comm="systemd-udevd" path="/etc/systemd/network" dev="vda" ino=128 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { getattr } for pid=59 comm="systemd-network" path="/etc/systemd/network" dev="vda" ino=128 scontext=system_u:system_r:systemd_networkd_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { read } for pid=59 comm="systemd-network" name="network" dev="vda" ino=128 scontext=system_u:system_r:systemd_networkd_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { open } for pid=59 comm="systemd-network" path="/etc/systemd/network" dev="vda" ino=128 scontext=system_u:system_r:systemd_networkd_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { search } for pid=59 comm="systemd-network" name="network" dev="vda" ino=128 scontext=system_u:system_r:systemd_networkd_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 avc: denied { getattr } for 
pid=55 comm="systemd-udevd" path="/etc/systemd/network" dev="vda" ino=128 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1 Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r--policy/modules/system/sysnetwork.if2
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 3e88974f2..53cbbf7f0 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -346,6 +346,8 @@ interface(`sysnet_read_config',`
')
files_search_etc($1)
+ files_search_runtime($1)
+ allow $1 net_conf_t:dir list_dir_perms;
allow $1 net_conf_t:file read_file_perms;
ifdef(`distro_debian',`