nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

udev: fix for systemd-udevd

Browse Source 
Fixes:
avc:  denied  { setrlimit } for  pid=194 comm="systemd-udevd"
scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t
tclass=process permissive=0

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This commit is contained in:
Yi Zhao 2024-02-04 12:44:50 +08:00
parent 9d3513c7fa
commit 3d565b0a3a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/udev.te
View File

@ -40,7 +40,7 @@ optional_policy(`
allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_ptrace sys_rawio sys_resource };
allow udev_t self:capability2 { wake_alarm block_suspend };
allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate setrlimit getrlimit };
allow udev_t self:fd use;
allow udev_t self:fifo_file rw_fifo_file_perms;
allow udev_t self:sock_file read_sock_file_perms;