From 34547434b84fe7430037249b5726e53cf86352f1 Mon Sep 17 00:00:00 2001
From: Antoine Tenart <antoine.tenart@bootlin.com>
Date: Fri, 18 Sep 2020 16:29:41 +0200
Subject: [PATCH] systemd: allow systemd-network to get attributes of fs

Fixes:

avc:  denied  { getattr } for  pid=57 comm="systemd-network" name="/"
dev="vda" ino=2 scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:fs_t tclass=filesystem permissive=0

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
---
 policy/modules/system/systemd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index eb6f782f4..f58ad97dc 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -785,6 +785,7 @@ dev_write_kmsg(systemd_networkd_t)
 files_read_etc_files(systemd_networkd_t)
 files_watch_runtime_dirs(systemd_networkd_t)
 files_watch_root_dirs(systemd_networkd_t)
+fs_getattr_xattr_fs(systemd_networkd_t)
 
 auth_use_nsswitch(systemd_networkd_t)