diff options
| author |   Yi Zhao <yi.zhao@windriver.com> | 2024-02-04 11:16:37 +0800 |
|---|---|---|
| committer |   Kenton Groombridge <concord@gentoo.org> | 2024-03-01 12:04:10 -0500 |
| commit | d5dde3aac15de32aa5a701a4a4a21cb4d12ccbb8 (patch) | |
| tree | c358eabde369c149d050b55822aa73a0e74ce0dd /policy | |
| parent | systemd: allow systemd-hostnamed to read machine-id and localization files (diff) | |
| download | hardened-refpolicy-d5dde3aac15de32aa5a701a4a4a21cb4d12ccbb8.tar.gz hardened-refpolicy-d5dde3aac15de32aa5a701a4a4a21cb4d12ccbb8.tar.bz2 hardened-refpolicy-d5dde3aac15de32aa5a701a4a4a21cb4d12ccbb8.zip | |
systemd: allow systemd-rfkill to getopt from uevent sockets
Fixes:
avc: denied { getopt } for pid=313 comm="systemd-rfkill"
scontext=system_u:system_r:systemd_rfkill_t:s0-s15:c0.c1023
tcontext=system_u:system_r:systemd_rfkill_t:s0-s15:c0.c1023
tclass=netlink_kobject_uevent_socket permissive=1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Diffstat (limited to 'policy')
| -rw-r--r-- | policy/modules/system/systemd.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index b1e1e3b72..c4b66c825 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -1540,7 +1540,7 @@ logging_send_syslog_msg(systemd_pstore_t) # Rfkill local policy # -allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read setopt }; +allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read getopt setopt }; manage_dirs_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t) manage_files_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t) |