udev: update

AVC avc: denied { create } for pid=685 comm="ifquery" name="network" scontext=system_u:system_r:udev_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir permissive=1 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2024-02-22 18:00:51 +01:00 · 2024-02-22 18:00:51 +01:00 · 06927582c8
commit 06927582c8
parent 395f5cb588
2 changed files with 33 additions and 0 deletions
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@ -489,6 +489,7 @@ interface(`sysnet_create_config',`
 	')
 	files_search_etc($1)
 	allow $1 net_conf_t:dir { add_entry_dir_perms create_dir_perms };
 	allow $1 net_conf_t:file create_file_perms;
 ')
@ -535,6 +536,35 @@ interface(`sysnet_etc_filetrans_config',`
 	files_etc_filetrans($1, net_conf_t, file, $2)
 ')
 #######################################
 ## <summary>
 ##	Create files in /run with the type used for
 ##	the network config files.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
 ## <param name="object">
 ##	<summary>
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
 ## <param name="name" optional="true">
 ##	<summary>
 ##	The name of the object being created.
 ##	</summary>
 ## </param>
 #
 interface(`sysnet_runtime_filetrans_config',`
 	gen_require(`
 		type net_conf_t;
 	')
 	files_runtime_filetrans($1, net_conf_t, $2, $3)
 ')
 #######################################
 ## <summary>
 ##	Create, read, write, and delete network config files.
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@ -217,6 +217,9 @@ ifdef(`distro_debian',`
 	files_runtime_filetrans(udev_t, udev_runtime_t, dir, "xen-hotplug")
 	sysnet_runtime_filetrans_config(udev_t, dir, "network")
 	sysnet_create_config(udev_t)
 	optional_policy(`
 		# for /usr/lib/avahi/avahi-daemon-check-dns.sh
 		kernel_read_vm_sysctls(udev_t)