udev: Watch devices.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2019-12-20 14:37:29 -05:00 · 2019-12-20 14:37:29 -05:00 · 46f2e627e6
parent e2ac94d08d
commit 46f2e627e6
1 changed files with 5 additions and 0 deletions
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@ -920,6 +920,11 @@ interface(`dev_manage_all_dev_nodes',`
 	relabel_dirs_pattern($1, device_t, device_t)
 	relabel_chr_files_pattern($1, device_t, { device_t device_node })
 	relabel_blk_files_pattern($1, device_t, { device_t device_node })
+	allow $1 { device_t device_node }:dir watch;
+	allow $1 { device_t device_node }:sock_file watch;
+	allow $1 { device_t device_node }:lnk_file watch;
+	allow $1 { device_t device_node }:chr_file watch;
+	allow $1 { device_t device_node }:blk_file watch;

 	# these next rules are to satisfy assertions broken by the above lines.
 	# the permissions hopefully can be cut back a lot