From f05a338c00749fbbc0e46646dd06b7a46e60165f Mon Sep 17 00:00:00 2001
From: Kenton Groombridge <concord@gentoo.org>
Date: Sun, 17 Dec 2023 23:25:49 -0500
Subject: udev: allow reading kernel fs sysctls

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
---
 policy/modules/system/udev.te | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'policy')

diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 1a9b5e9e..bf831577 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -103,6 +103,8 @@ kernel_search_debugfs(udev_t)
 kernel_search_key(udev_t)
 # kpartx:
 kernel_get_sysvipc_info(udev_t)
+# needed as of systemd 255
+kernel_read_fs_sysctls(udev_t)
 #https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235182
 kernel_rw_net_sysctls(udev_t)
 kernel_read_network_state(udev_t)
-- 
cgit v1.2.3-65-gdbad