systemd: allow systemd-rfkill to get attributes of all fs

Fixes: avc: denied { getattr } for pid=238 comm="systemd-rfkill" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_rfkill_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2022-10-31 16:25:56 +08:00 · 2022-10-31 16:25:56 +08:00 · d4b19952c2
commit d4b19952c2
parent c98bb9c716
1 changed files with 1 additions and 2 deletions
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@ -1394,8 +1394,7 @@ manage_dirs_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_v
 manage_files_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
 init_var_lib_filetrans(systemd_rfkill_t, systemd_rfkill_var_lib_t, dir)

-fs_getattr_cgroup(systemd_rfkill_t)
-fs_getattr_xattr_fs(systemd_rfkill_t)
+fs_getattr_all_fs(systemd_rfkill_t)

 kernel_getattr_proc(systemd_rfkill_t)
 kernel_read_kernel_sysctls(systemd_rfkill_t)