nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

systemd: allow systemd-networkd to create file in /run/systemd directory

Browse Source 
systemd-networkd creates files in /run/systemd directory which should be
labeled appropriately.

Fixes:
avc:  denied  { create } for  pid=136 comm="systemd-network"
name=".#networkd2c6a2ac2dbf34a8"
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:init_runtime_t tclass=file permissive=1

avc:  denied  { write } for  pid=136 comm="systemd-network"
path="/run/systemd/.#networkd2c6a2ac2dbf34a8" dev="tmpfs" ino=81
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:init_runtime_t tclass=file permissive=1

avc:  denied  { setattr } for  pid=136 comm="systemd-network"
name=".#networkd2c6a2ac2dbf34a8" dev="tmpfs" ino=81
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:init_runtime_t tclass=file permissive=1

avc:  denied  { rename } for  pid=136 comm="systemd-network"
name=".#networkd2c6a2ac2dbf34a8" dev="tmpfs" ino=81
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:init_runtime_t tclass=file permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This commit is contained in:
Yi Zhao 2023-09-21 11:31:31 +08:00
parent 227786eed7
commit 8758b782e5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/systemd.te
View File

@ -1141,7 +1141,7 @@ auth_use_nsswitch(systemd_networkd_t)
init_dgram_send(systemd_networkd_t)
init_read_state(systemd_networkd_t)
init_read_runtime_files(systemd_networkd_t)
init_runtime_filetrans(systemd_networkd_t, systemd_networkd_runtime_t, dir)
init_runtime_filetrans(systemd_networkd_t, systemd_networkd_runtime_t, { dir file })
logging_send_syslog_msg(systemd_networkd_t)