kernel/xen: Add map permission to the dev_rw_xen

type=AVC msg=audit(1504637347.487:280): avc: denied { map } for pid=857 comm="xenconsoled" path="/dev/xen/privcmd" dev="devtmpfs" ino=16289 scontext=system_u:system_r:xenconsoled_t:s0 Without this we can't use xenconsole (client) to talk to xenconsoled (server). Signed-off-by: Konrad Rzeszutek Wilk <konrad@kernel.org>
2017-10-09 11:53:47 -04:00 · 2017-10-09 11:53:47 -04:00 · b5c8b1d77d
parent c7d48c3bc2
commit b5c8b1d77d
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@ -4984,6 +4984,7 @@ interface(`dev_rw_xen',`
 	')

 	rw_chr_files_pattern($1, device_t, xen_device_t)
+	allow $1 xen_device_t:chr_file map;
 ')

 ########################################