systemd: allow systemd-network to list the runtime directory

Fixes: avc: denied { read } for pid=58 comm="systemd-network" name="/" dev="tmpfs" ino=652 scontext=system_u:system_r:systemd_networkd_t tcontext=system_u:object_r:var_run_t tclass=dir permissive=1 avc: denied { read } for pid=58 comm="systemd-network" name="/" dev="tmpfs" ino=652 scontext=system_u:system_r:systemd_networkd_t tcontext=system_u:object_r:var_run_t tclass=dir permissive=1 Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
2020-10-05 17:51:05 +02:00 · 2020-10-05 17:51:05 +02:00 · e9228b49bb
parent 49a0771dd3
commit e9228b49bb
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@ -787,6 +787,7 @@ dev_write_kmsg(systemd_networkd_t)
 files_read_etc_files(systemd_networkd_t)
 files_watch_runtime_dirs(systemd_networkd_t)
 files_watch_root_dirs(systemd_networkd_t)
+files_list_runtime(systemd_networkd_t)
 fs_getattr_xattr_fs(systemd_networkd_t)

 auth_use_nsswitch(systemd_networkd_t)