udev.service sandbox required permissions

Signed-off-by: bauen1 <j2468h@gmail.com>
2020-05-16 22:45:36 +02:00 · 2020-05-16 22:45:36 +02:00 · 83a39ad4fd
parent 0a596401f1
commit 83a39ad4fd
1 changed files with 4 additions and 0 deletions
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@ -136,6 +136,10 @@ genfscon proc /sys/fs gen_context(system_u:object_r:sysctl_fs_t,s0)
 type sysctl_kernel_t, sysctl_type;
 genfscon proc /sys/kernel gen_context(system_u:object_r:sysctl_kernel_t,s0)

+optional_policy(`
+	init_mountpoint(sysctl_kernel_t)
+')
+
 # /sys/kernel/ns_last_pid file
 type sysctl_kernel_ns_last_pid_t, sysctl_type;
 genfscon proc /sys/kernel/ns_last_pid gen_context(system_u:object_r:sysctl_kernel_ns_last_pid_t,s0)