init: allow using system bus anon pidfs

Seen with systemd 255. This initially did not seem to impact anything,
but after a while I found that the Kubernetes kubelet agent would not
start without this access.

type=AVC msg=audit(1705092131.239:37): avc:  denied  { use } for  pid=1 comm="systemd" path="anon_inode:[pidfd]" dev="anon_inodefs" ino=10 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=fd permissive=0

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Kenton Groombridge 2024-01-12 17:15:30 -05:00 committed by 0xC0ncord
parent 29a5cc1abc
commit 4e7511f4ac
1 changed file with 1 addition and 0 deletions

@ -609,6 +609,7 @@ ifdef(`init_systemd',`
optional_policy(` optional_policy(`
dbus_connect_system_bus(init_t) dbus_connect_system_bus(init_t)
dbus_use_system_bus_fds(init_t)
') ')
optional_policy(` optional_policy(`
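Review bot: the hunk shows only the call site of `dbus_use_system_bus_fds(init_t)`; confirm that this interface is defined in the dbus module's interface file at this policy revision, since a call to an undefined interface fails at policy build time rather than silently doing nothing. Placing the call inside the same `optional_policy` block as `dbus_connect_system_bus(init_t)` is the right choice, because both depend on the dbus module being present. Note also that the AVC in the commit message reports `tclass=fd` with permission `use`; the `fd` class does not distinguish pidfds from other descriptors, so this grant lets init_t use any descriptor labeled system_dbusd_t, not only `anon_inode:[pidfd]`. A sentence in the commit message stating that scope would help future readers understand the rule.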