systemd: allow systemd-rfkill to getopt from uevent sockets

Fixes: avc: denied { getopt } for pid=313 comm="systemd-rfkill" scontext=system_u:system_r:systemd_rfkill_t:s0-s15:c0.c1023 tcontext=system_u:system_r:systemd_rfkill_t:s0-s15:c0.c1023 tclass=netlink_kobject_uevent_socket permissive=1 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2024-02-04 11:16:37 +08:00 · 2024-02-04 11:16:37 +08:00 · 9d3513c7fa
commit 9d3513c7fa
parent ecc6e3ccde
1 changed files with 1 additions and 1 deletions
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@ -1513,7 +1513,7 @@ logging_send_syslog_msg(systemd_pstore_t)
 # Rfkill local policy
 #

-allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read setopt };
+allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read getopt setopt };

 manage_dirs_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
 manage_files_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)