RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

systemd: allow systemd-getty-generator to read and write unallocated ttys 

Fixes:

avc:  denied  { read write } for  pid=40 comm="systemd-getty-g"
name="ttyS0" dev="devtmpfs" ino=612
scontext=system_u:system_r:systemd_generator_t
tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1

avc:  denied  { open } for  pid=40 comm="systemd-getty-g"
path="/dev/ttyS0" dev="devtmpfs" ino=612
scontext=system_u:system_r:systemd_generator_t
tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1

avc:  denied  { ioctl } for  pid=40 comm="systemd-getty-g"
path="/dev/ttyS0" dev="devtmpfs" ino=612 ioctlcmd=0x5401
scontext=system_u:system_r:systemd_generator_t
tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
This commit is contained in:
Antoine Tenart 2020-09-25 09:30:38 +02:00
parent bc7a84d643
commit 49a0771dd3
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/systemd.te
View File

@ -402,6 +402,8 @@ storage_raw_read_fixed_disk(systemd_generator_t)
systemd_log_parse_environment(systemd_generator_t)
term_use_unallocated_ttys(systemd_generator_t)
optional_policy(`
fstools_exec(systemd_generator_t)
')