systemd: allow systemd-hwdb to search init runtime directories

Fixes: avc: denied { search } for pid=54 comm="systemd-hwdb" name="systemd" dev="tmpfs" ino=664 scontext=system_u:system_r:systemd_hw_t tcontext=system_u:object_r:init_runtime_t tclass=dir permissive=1 avc: denied { search } for pid=54 comm="systemd-hwdb" name="systemd" dev="tmpfs" ino=664 scontext=system_u:system_r:systemd_hw_t tcontext=system_u:object_r:init_runtime_t tclass=dir permissive=1 Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
2020-08-13 12:08:03 +02:00 · 2020-08-13 12:08:03 +02:00 · 1ee738f708
parent f71d288e54
commit 1ee738f708
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@ -461,6 +461,7 @@ selinux_get_fs_mount(systemd_hw_t)
 selinux_use_status_page(systemd_hw_t)

 init_read_state(systemd_hw_t)
+init_search_runtime(systemd_hw_t)

 seutil_read_config(systemd_hw_t)
 seutil_read_file_contexts(systemd_hw_t)