nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

systemd: allow systemd-backlight to read kernel sysctl settings

Browse Source 
Fixes:
avc:  denied  { read } for  pid=359 comm="systemd-backlig" name="osrelease"
dev="proc" ino=1457 scontext=system_u:system_r:systemd_backlight_t:s0-s15:c0.c1023
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=1

avc:  denied  { open } for  pid=359 comm="systemd-backlig" path="/proc/sys/kernel/osrelease"
dev="proc" ino=1457 scontext=system_u:system_r:systemd_backlight_t:s0-s15:c0.c1023
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=1

avc:  denied  { getattr } for  pid=359 comm="systemd-backlig" path="/proc/sys/kernel/osrelease"
dev="proc" ino=1457 scontext=system_u:system_r:systemd_backlight_t:s0-s15:c0.c1023
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=1

avc:  denied  { ioctl } for  pid=359 comm="systemd-backlig" path="/proc/sys/kernel/osrelease"
dev="proc" ino=1457 ioctlcmd=0x5401 scontext=system_u:system_r:systemd_backlight_t:s0-s15:c0.c1023
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=1

avc:  denied  { getattr } for  pid=359 comm="systemd-backlig" name="/" dev="tmpfs" ino=1
scontext=system_u:system_r:systemd_backlight_t:s0-s15:c0.c1023
tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1

avc:  denied  { search } for  pid=359 comm="systemd-backlig" name="/" dev="tmpfs" ino=1
scontext=system_u:system_r:systemd_backlight_t:s0-s15:c0.c1023
tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=1

avc:  denied  { getattr } for  pid=359 comm="systemd-backlig" name="/" dev="cgroup2" ino=1
scontext=system_u:system_r:systemd_backlight_t:s0-s15:c0.c1023
tcontext=system_u:object_r:cgroup_t:s0 tclass=filesystem permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This commit is contained in:
Yi Zhao 2022-10-31 15:54:10 +08:00
parent 31a32f53ee
commit c98bb9c716
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
policy/modules/system/systemd.te
View File

@ -360,7 +360,7 @@ systemd_log_parse_environment(systemd_backlight_t)
# Allow systemd-backlight to write to /sys/class/backlight/*/brightness
dev_rw_sysfs(systemd_backlight_t)
kernel_dontaudit_search_kernel_sysctl(systemd_backlight_t)
kernel_read_kernel_sysctls(systemd_backlight_t)
# for udev.conf
files_read_etc_files(systemd_backlight_t)
@ -370,6 +370,9 @@ udev_read_runtime_files(systemd_backlight_t)
files_search_var_lib(systemd_backlight_t)
fs_getattr_all_fs(systemd_backlight_t)
fs_search_cgroup_dirs(systemd_backlight_t)
#######################################
#
# Binfmt local policy