udev: allow reading kernel fs sysctls

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
author: Kenton Groombridge <concord@gentoo.org> 2023-12-17 23:25:49 -0500
committer: Kenton Groombridge <concord@gentoo.org> 2024-03-01 12:02:15 -0500
commit: f05a338c00749fbbc0e46646dd06b7a46e60165f (patch)
tree: 385627bab71b8554ab9591ffec0f7d994165ba96 /policy
parent: init, systemd: label systemd-executor as init_exec_t (diff)
download: hardened-refpolicy-f05a338c00749fbbc0e46646dd06b7a46e60165f.tar.gz
hardened-refpolicy-f05a338c00749fbbc0e46646dd06b7a46e60165f.tar.bz2
hardened-refpolicy-f05a338c00749fbbc0e46646dd06b7a46e60165f.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 1a9b5e9e..bf831577 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -103,6 +103,8 @@ kernel_search_debugfs(udev_t)
 kernel_search_key(udev_t)
 # kpartx:
 kernel_get_sysvipc_info(udev_t)
+# needed as of systemd 255
+kernel_read_fs_sysctls(udev_t)
 #https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235182
 kernel_rw_net_sysctls(udev_t)
 kernel_read_network_state(udev_t)
author	Kenton Groombridge <concord@gentoo.org>	2023-12-17 23:25:49 -0500
committer	Kenton Groombridge <concord@gentoo.org>	2024-03-01 12:02:15 -0500
commit	f05a338c00749fbbc0e46646dd06b7a46e60165f (patch)
tree	385627bab71b8554ab9591ffec0f7d994165ba96 /policy
parent	init, systemd: label systemd-executor as init_exec_t (diff)
download	hardened-refpolicy-f05a338c00749fbbc0e46646dd06b7a46e60165f.tar.gz hardened-refpolicy-f05a338c00749fbbc0e46646dd06b7a46e60165f.tar.bz2 hardened-refpolicy-f05a338c00749fbbc0e46646dd06b7a46e60165f.zip