From ae35b48f8e38077884138cd03a7045014b6ba740 Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Sat, 12 Jan 2019 18:13:43 +0100 Subject: [PATCH] selinuxutil: allow restorecond to read symlinks As restorecond dereferences symlinks when it encounters them in user home directories, allow this access. --- policy/modules/system/selinuxutil.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 2aad79542..d1c9fbf48 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -372,6 +372,7 @@ selinux_compute_user_contexts(restorecond_t) files_relabel_non_auth_files(restorecond_t ) files_read_non_auth_files(restorecond_t) +files_read_non_auth_symlinks(restorecond_t) auth_use_nsswitch(restorecond_t) logging_send_syslog_msg(restorecond_t)