If domain can read system_dbusd_var_lib_t files, also allow symlinks
node=localhost type=AVC msg=audit(1689811752.145:511): avc: denied { read } for pid=2622 comm="lightdm-gtk-gre" name="machine-id" dev="dm-10" ino=262170 scontext=system_u:system_r:xdm_t:s0 tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=lnk_file permissive=0 node=localhost type=AVC msg=audit(1689811752.404:514): avc: denied { read } for pid=2629 comm="at-spi-bus-laun" name="machine-id" dev="dm-10" ino=262170 scontext=system_u:system_r:xdm_t:s0 tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=lnk_file permissive=0 Signed-off-by: Dave Sugar <dsugar100@gmail.com>
This commit is contained in:
parent
97e35d8845
commit
b128e7ea2d
|
@ -142,6 +142,7 @@ interface(`dbus_system_bus_client',`
|
|||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
|
||||
read_lnk_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
|
||||
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, system_dbusd_runtime_t, system_dbusd_runtime_t, system_dbusd_t)
|
||||
|
|
Loading…
Reference in New Issue