Allow alsa_t to set scheduling priority and send signal to itself

When alsactl is running as a daemon with systemd, it sets its process priority to be nice to other processes. When stopping the service, it's signaling to itself that it needs to exit. ---- time->Sun Oct 6 11:59:59 2019 type=AVC msg=audit(1570355999.755:43): avc: denied { setsched } for pid=794 comm="alsactl" scontext=system_u:system_r:alsa_t:s0 tcontext=system_u:system_r:alsa_t:s0 tclass=process permissive=1 ---- time->Sun Oct 6 11:59:59 2019 type=AVC msg=audit(1570355999.755:44): avc: denied { getsched } for pid=794 comm="alsactl" scontext=system_u:system_r:alsa_t:s0 tcontext=system_u:system_r:alsa_t:s0 tclass=process permissive=1 ---- time->Sun Oct 6 12:07:26 2019 type=AVC msg=audit(1570356446.747:292): avc: denied { signal } for pid=3585 comm="alsactl" scontext=system_u:system_r:alsa_t:s0 tcontext=system_u:system_r:alsa_t:s0 tclass=process permissive=1 Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2019-10-06 12:32:03 +02:00 · 2019-10-06 12:32:03 +02:00 · 53a76d3fb7
parent 56a11f07c3
commit 53a76d3fb7
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/admin/alsa.te
+++ b/policy/modules/admin/alsa.te
@ -44,6 +44,7 @@ files_lock_file(alsa_var_lock_t)
 allow alsa_t self:capability { dac_override dac_read_search ipc_owner setgid setuid };
 # kill : kill pulseaudio
 dontaudit alsa_t self:capability { kill sys_admin };
+allow alsa_t self:process { getsched setsched signal };
 allow alsa_t self:sem create_sem_perms;
 allow alsa_t self:shm create_shm_perms;
 allow alsa_t self:unix_stream_socket { accept listen };