nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

udev: allow systemd-vconsole-setup to sys_tty_config

Browse Source 
Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2021-03-14 13:49:00 -04:00
parent 42d46c14bc
commit 95dc0f0de3
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
policy/modules/system/udev.te
View File

@ -41,7 +41,6 @@ ifdef(`enable_mcs',`
#
allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_ptrace sys_rawio sys_resource };
dontaudit udev_t self:capability sys_tty_config;
allow udev_t self:capability2 { wake_alarm block_suspend };
allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
allow udev_t self:fd use;
@ -58,6 +57,13 @@ allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
allow udev_t self:netlink_generic_socket create_socket_perms;
allow udev_t self:rawip_socket create_socket_perms;
ifdef(`init_systemd',`
# systemd-vconsole-setup will be called by udev during virtual terminal initialization
allow udev_t self:capability sys_tty_config;
',`
dontaudit udev_t self:capability sys_tty_config;
')
# for systemd-udevd to rename interfaces
allow udev_t self:netlink_route_socket nlmsg_write;