sudo: allow sudo domains to create netlink selinux sockets

Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-03-31 14:01:39 -04:00 · 2022-03-31 14:01:39 -04:00 · 3cac9e0e5d
parent 6fa7d7349d
commit 3cac9e0e5d
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@ -66,6 +66,7 @@ template(`sudo_role_template',`
 	allow $1_sudo_t self:sem create_sem_perms;
 	allow $1_sudo_t self:msgq create_msgq_perms;
 	allow $1_sudo_t self:msg { send receive };
+	allow $1_sudo_t self:netlink_selinux_socket create_socket_perms;
 	allow $1_sudo_t self:unix_dgram_socket create_socket_perms;
 	allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
 	allow $1_sudo_t self:unix_dgram_socket sendto;