userdomain: do not audit netlink socket creation attempts
Update the userdomain base module so that an unneeded permission is not audited. Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
This commit is contained in:
Guido Trentalancia
Chris PeBenito
parent
466286aa39
commit
69e5e0f72c
|
|
@ -507,6 +507,9 @@ template(`userdom_common_user_template',`
|
||||||
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
|
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
|
||||||
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
|
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
|
||||||
|
|
||||||
|
# gnome-settings-daemon tries to create a netlink socket
|
||||||
|
dontaudit $1_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||||
|
|
||||||
allow $1_t unpriv_userdomain:fd use;
|
allow $1_t unpriv_userdomain:fd use;
|
||||||
|
|
||||||
kernel_read_system_state($1_t)
|
kernel_read_system_state($1_t)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue