From 69e6c33c4671589daa98afc19e76f2726ce249bd Mon Sep 17 00:00:00 2001 From: Kenton Groombridge Date: Mon, 6 Mar 2023 10:28:22 -0500 Subject: [PATCH] raid: allow mdadm to read udev runtime files This fixes this AVC: avc: denied { getattr } for pid=2238 comm="mdadm" path="/run/udev" dev="tmpfs" ino=52 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:udev_runtime_t:s0 tclass=dir permissive=0 Signed-off-by: Kenton Groombridge --- policy/modules/system/raid.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te index 5d44696cf..bd0c4bb85 100644 --- a/policy/modules/system/raid.te +++ b/policy/modules/system/raid.te @@ -85,6 +85,8 @@ logging_send_syslog_msg(mdadm_t) miscfiles_read_localization(mdadm_t) +udev_read_runtime_files(mdadm_t) + userdom_use_user_terminals(mdadm_t) userdom_dontaudit_use_unpriv_user_fds(mdadm_t) userdom_dontaudit_search_user_home_content(mdadm_t)
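Review bot: the added udev_read_runtime_files(mdadm_t) line in the raid.te hunk grants more than the commit message justifies. The quoted AVC is a single getattr on the /run/udev directory (tclass=dir), while the interface name indicates read access to the files under that directory. If mdadm goes on to read udev runtime files once the getattr is allowed, please quote those denials in the commit message too. If the directory getattr is all that is needed, a narrower udev interface, or a dontaudit rule if mdadm works without the access, would keep mdadm_t closer to least privilege. The denial was logged with permissive=0, so any later denials on the same code path would not have been recorded yet; a run in permissive mode would show the full set before the interface is chosen.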