systemd: allow systemd-resolve to read in tmpfs

Fixes: avc: denied { read } for pid=76 comm="systemd-resolve" name="/" dev="tmpfs" ino=651 scontext=system_u:system_r:systemd_resolved_t tcontext=system_u:object_r:var_run_t tclass=dir permissive=1 Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
2020-08-13 14:08:37 +02:00 · 2020-08-13 14:08:37 +02:00 · fdda7befa5
parent 34547434b8
commit fdda7befa5
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@ -1095,6 +1095,7 @@ auth_use_nsswitch(systemd_resolved_t)

 files_watch_root_dirs(systemd_resolved_t)
 files_watch_runtime_dirs(systemd_resolved_t)
+files_list_runtime(systemd_resolved_t)

 init_dgram_send(systemd_resolved_t)