sysnetwork: allow ifconfig to read usr files

ip wants to read files in /usr/share/iproute2. type=AVC msg=audit(1715785441.968:297208): avc: denied { read } for pid=3559095 comm="ip" name="group" dev="dm-1" ino=1075055 scontext=staff_u:sysadm_r:ifconfig_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=0 Signed-off-by: Kenton Groombridge <concord@gentoo.org>
2024-05-15 11:04:51 -04:00 · 2024-05-15 11:04:51 -04:00 · 578375480d
parent 6916e9b20c
commit 578375480d
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@ -343,6 +343,7 @@ domain_use_interactive_fds(ifconfig_t)

 files_read_etc_files(ifconfig_t)
 files_read_etc_runtime_files(ifconfig_t)
+files_read_usr_files(ifconfig_t)

 fs_getattr_xattr_fs(ifconfig_t)
 fs_read_nsfs_files(ifconfig_t)