From c75a32f2be222b8439fa02fa9c00b2baa93d913b Mon Sep 17 00:00:00 2001
From: Yi Zhao
Date: Wed, 15 Mar 2023 10:57:55 +0800
Subject: [PATCH] systemd: allow systemd-resolved to search directories on tmpfs and ramfs
Fixes:
avc: denied { search } for pid=233 comm="systemd-resolve" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_resolved_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
avc: denied { search } for pid=233 comm="systemd-resolve" name="/" dev="ramfs" ino=813 scontext=system_u:system_r:systemd_resolved_t tcontext=system_u:object_r:ramfs_t tclass=dir permissive=1
Signed-off-by: Yi Zhao
---
 policy/modules/system/systemd.te | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 117d8e809..ee8119cf3 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1503,6 +1503,8 @@ files_list_runtime(systemd_resolved_t)
 fs_getattr_all_fs(systemd_resolved_t)
 fs_search_cgroup_dirs(systemd_resolved_t)
+fs_search_tmpfs(systemd_resolved_t)
+fs_search_ramfs(systemd_resolved_t)
 init_dgram_send(systemd_resolved_t)
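Review bot: The added `fs_search_tmpfs(systemd_resolved_t)` and `fs_search_ramfs(systemd_resolved_t)` calls rest on AVC records logged with `permissive=1`, which show that the searches were attempted, not that systemd-resolved needs them to work; in enforcing mode the path walk would have stopped at the first denial. The records name only `/` on each filesystem, so neither the commit message nor the policy says which mount points are being traversed, while the generic `tmpfs_t` and `ramfs_t` types cover every directory carrying those labels. I would confirm the requirement in enforcing mode and record the reason next to the rules, e.g. `# resolved searches the root of a tmpfs and a ramfs mount (mount points: <to be confirmed>)`; if the daemon works without the access, a dontaudit rule would keep the domain tighter. The enclosing policy block starts and ends outside the hunk.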