nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
742b10b70d
selinux-refpolicy/policy/modules/system/udev.fc
Yi Zhao 7ae40510fd udev: allow udev_t to watch udev_rules_t dir 
Fixes:
avc: denied { watch } for pid=187 comm="udevd" path="/lib/udev/rules.d"
dev="vda" ino=1060 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:lib_t tclass=dir permissive=0

avc: denied { watch } for pid=187 comm="udevd" path="/etc/udev/rules.d"
dev="vda" ino=886 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:udev_rules_t tclass=dir permissive=0

avc: denied { watch } for pid=187 comm="udevd" path="/run/udev/rules.d"
dev="tmpfs" ino=4 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:udev_runtime_t tclass=dir permissive=0

avc: denied { watch } for pid=196 comm="udevadm" path="/run/udev"
dev="tmpfs" ino=2 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:udev_runtime_t tclass=dir permissive=0

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-10-27 11:20:11 +08:00

43 lines
1.9 KiB
Plaintext
Raw Blame History

/etc/dev\.d/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
/etc/hotplug\.d/default/udev.* -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
/etc/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
/etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
/usr/bin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/bin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/bin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/bin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/bin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/bin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
ifdef(`distro_debian',`
/usr/lib/udev/create_static_nodes -- gen_context(system_u:object_r:udev_exec_t,s0)
')
/usr/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/sbin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
ifdef(`distro_redhat',`
/usr/sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0)
')
/usr/lib/systemd/systemd-udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/lib/udev/udev-acl -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/lib/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
/usr/share/virtualbox/VBoxCreateUSBNode\.sh -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
/run/udev(/.*)? gen_context(system_u:object_r:udev_runtime_t,s0)
/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
ifdef(`distro_debian',`
/run/xen-hotplug -d gen_context(system_u:object_r:udev_runtime_t,s0)
')
Reference in New Issue View Git Blame Copy Permalink