Allow search xdm_var_run_t directories along with reading files.

Sep 07 23:30:46 localhost audisp-syslog[1669]: node=localhost type=AVC msg=audit(1694129445.663:3622): avc: denied { search } for pid=1844 comm="xhost" name="lightdm" dev="tmpfs" ino=1504 scontext=toor_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=dir permissive=0 Signed-off-by: Dave Sugar <dsugar100@gmail.com>
2023-09-07 19:48:40 -04:00 · 2023-09-07 19:48:40 -04:00 · a603b3913d
commit a603b3913d
parent 9d03d2ef9e
1 changed files with 1 additions and 1 deletions
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@ -1010,7 +1010,7 @@ interface(`xserver_read_xdm_runtime_files',`
 	')

 	files_search_runtime($1)
-	allow $1 xdm_var_run_t:file read_file_perms;
+	read_files_pattern($1, xdm_var_run_t, xdm_var_run_t)
 ')

 ########################################