dbus: add watch perms

avc:  denied  { watch } for  pid=10630 comm="dbus-daemon" path="/usr/share/dbus-1/accessibility-services" dev="zfs" ino=244551 scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
avc:  denied  { watch } for  pid=10622 comm="dbus-daemon" path="/etc/dbus-1/session.d" dev="zfs" ino=262694 scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir permissive=0
Signed-off-by: Jason Zaman <jason@perfinion.com>
This commit is contained in:
Jason Zaman 2020-02-17 04:03:17 +08:00 committed by Chris PeBenito
parent dd84b117e2
commit adaea617cd
1 changed files with 2 additions and 0 deletions

View File

@ -219,6 +219,7 @@ allow session_bus_type self:netlink_selinux_socket create_socket_perms;
allow session_bus_type dbusd_etc_t:dir list_dir_perms;
read_files_pattern(session_bus_type, dbusd_etc_t, dbusd_etc_t)
read_lnk_files_pattern(session_bus_type, dbusd_etc_t, dbusd_etc_t)
allow session_bus_type dbusd_etc_t:dir watch;
manage_dirs_pattern(session_bus_type, session_dbusd_home_t, session_dbusd_home_t)
manage_files_pattern(session_bus_type, session_dbusd_home_t, session_dbusd_home_t)
@ -258,6 +259,7 @@ domain_use_interactive_fds(session_bus_type)
files_list_home(session_bus_type)
files_read_usr_files(session_bus_type)
files_watch_usr_dirs(session_bus_type)
files_dontaudit_search_var(session_bus_type)
fs_getattr_romfs(session_bus_type)