dbus: allow dbus-daemon to map SELinux status page

Fixes: avc: denied { map } for pid=328 comm="dbus-daemon" path="/sys/fs/selinux/status" dev="selinuxfs" ino=19 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:security_t tclass=file permissive=0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-09-26 13:56:36 +08:00 · 2021-09-26 13:56:36 +08:00 · 5a24f59407
commit 5a24f59407
parent 39858a7528
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@ -129,6 +129,7 @@ mls_socket_read_to_clearance(system_dbusd_t)
 mls_dbus_recv_all_levels(system_dbusd_t)

 selinux_get_fs_mount(system_dbusd_t)
+selinux_use_status_page(system_dbusd_t)
 selinux_validate_context(system_dbusd_t)
 selinux_compute_access_vector(system_dbusd_t)
 selinux_compute_create_context(system_dbusd_t)