systemd: allow systemd-sysctl to search directories on ramfs

Fixes: avc: denied { search } for pid=170 comm="systemd-sysctl" name="/" dev="ramfs" ino=14098 scontext=system_u:system_r:systemd_sysctl_t tcontext=system_u:object_r:ramfs_t tclass=dir permissive=0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2023-03-02 19:02:12 +08:00 · 2023-03-02 19:02:12 +08:00 · 5e6fad9e4c
parent 3b1d4e715e
commit 5e6fad9e4c
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@ -1574,6 +1574,7 @@ files_read_etc_files(systemd_sysctl_t)

 fs_getattr_all_fs(systemd_sysctl_t)
 fs_search_cgroup_dirs(systemd_sysctl_t)
+fs_search_ramfs(systemd_sysctl_t)

 systemd_log_parse_environment(systemd_sysctl_t)