init: allow initrc_t to create netlink_kobject_uevent_sockets

Needed by rdma-rdd, which is automatically started by udev when an RDMA device with a node description is present. Signed-off-by: Kenton Groombridge <me@concord.sh>
2023-03-06 19:15:24 -05:00 · 2023-03-06 19:15:24 -05:00 · edef7a8469
commit edef7a8469
parent 5b0aa89da7
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@ -705,6 +705,7 @@ allow initrc_t self:process { getcap getpgid setsched setpgid setrlimit getsched
 allow initrc_t self:capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
 allow initrc_t self:capability2 { wake_alarm block_suspend };
 dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
+allow initrc_t self:netlink_kobject_uevent_socket create_socket_perms; # needed by rdma-ndd
 allow initrc_t self:passwd rootok;
 allow initrc_t self:key manage_key_perms;