init: allow using system bus anon pidfs
Seen with systemd 255. This initially did not seem to impact anything, but after a while I found that the kubernetes kubelet agent would not start without this access.

type=AVC msg=audit(1705092131.239:37): avc: denied { use } for pid=1 comm="systemd" path="anon_inode:[pidfd]" dev="anon_inodefs" ino=10 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=fd permissive=0

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
parent 29a5cc1abc
commit 4e7511f4ac
|
@ -609,6 +609,7 @@ ifdef(`init_systemd',`
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_connect_system_bus(init_t)
|
dbus_connect_system_bus(init_t)
|
||||||
|
dbus_use_system_bus_fds(init_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
|
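Review bot: The new dbus_use_system_bus_fds(init_t) line in the init_systemd dbus optional_policy block has no comment saying why init_t needs it, and the reason is not obvious from the interface name alone. The commit message ties it to one specific denial (init_t denied { use } on an anon_inode:[pidfd] fd whose target context is system_dbusd_t, seen with systemd 255), so a one-line comment above the call, for example "# systemd 255 uses pidfds handed over by the system bus", would keep that context in the policy source. Note also that the denial shown is tclass=fd with permission use only, so the rule is keyed on the owning domain of the descriptor and not on the pidfd itself; it is worth confirming in the commit message that inheriting any other descriptor from system_dbusd_t into init_t is acceptable, since the logged AVC only demonstrates the pidfd case.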