From 0a1386e8ec38a73a69ad7248de40ec6418809486 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Tue, 9 Feb 2021 16:42:36 +0800 Subject: [PATCH] acpid: allow acpid to watch the directories in /dev Fixes: acpid: inotify_add_watch() failed: Permission denied (13) avc: denied { watch } for pid=269 comm="acpid" path="/dev/input" dev="devtmpfs" ino=35 scontext=system_u:system_r:acpid_t:s0-s15:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=dir permissive=0 Signed-off-by: Yi Zhao --- policy/modules/services/acpi.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/services/acpi.te b/policy/modules/services/acpi.te index 69f1dab4a..56f72081e 100644 --- a/policy/modules/services/acpi.te +++ b/policy/modules/services/acpi.te @@ -103,6 +103,7 @@ dev_read_realtime_clock(acpid_t) dev_read_urand(acpid_t) dev_rw_acpi_bios(acpid_t) dev_rw_sysfs(acpid_t) +dev_watch_dev_dirs(acpid_t) dev_dontaudit_getattr_all_chr_files(acpid_t) dev_dontaudit_getattr_all_blk_files(acpid_t)