RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dbus: allow clients to list runtime dirs and named sockets 

Fixes:

avc:  denied  { read } for  pid=77 comm="systemd-resolve" name="dbus"
dev="tmpfs" ino=2748 scontext=system_u:system_r:systemd_resolved_t
tcontext=system_u:object_r:system_dbusd_runtime_t tclass=dir
permissive=1

avc:  denied  { read } for  pid=77 comm="systemd-resolve"
name="system_bus_socket" dev="tmpfs" ino=2765
scontext=system_u:system_r:systemd_resolved_t
tcontext=system_u:object_r:system_dbusd_runtime_t tclass=sock_file
permissive=1

avc:  denied  { read } for  pid=59 comm="systemd-network" name="dbus"
dev="tmpfs" ino=2777 scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:system_dbusd_runtime_t tclass=dir
permissive=1

avc:  denied  { read } for  pid=59 comm="systemd-network"
name="system_bus_socket" dev="tmpfs" ino=2791
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:system_dbusd_runtime_t tclass=sock_file
permissive=1

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
This commit is contained in:
Antoine Tenart 2020-09-21 16:13:02 +02:00
parent 66c2ff9060
commit f99b6907f4
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/services/dbus.if
View File

@ -143,6 +143,8 @@ interface(`dbus_system_bus_client',`
stream_connect_pattern($1, system_dbusd_runtime_t, system_dbusd_runtime_t, system_dbusd_t)
dbus_read_config($1)
dbus_list_system_bus_runtime($1)
dbus_read_system_bus_runtime_named_sockets($1)
')
#######################################