systemd: allow systemd-resolved to search directories on tmpfs and ramfs

Fixes:
avc:  denied  { search } for  pid=233 comm="systemd-resolve" name="/"
dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_resolved_t
tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1

avc:  denied  { search } for  pid=233 comm="systemd-resolve" name="/"
dev="ramfs" ino=813 scontext=system_u:system_r:systemd_resolved_t
tcontext=system_u:object_r:ramfs_t tclass=dir permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Yi Zhao 2023-03-15 10:57:55 +08:00
parent 7416ac14f9
commit c75a32f2be
1 changed files with 2 additions and 0 deletions

@ -1503,6 +1503,8 @@ files_list_runtime(systemd_resolved_t)
fs_getattr_all_fs(systemd_resolved_t)
fs_search_cgroup_dirs(systemd_resolved_t)
fs_search_tmpfs(systemd_resolved_t)
fs_search_ramfs(systemd_resolved_t)
init_dgram_send(systemd_resolved_t)
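
Review bot: The added fs_search_tmpfs(systemd_resolved_t) and fs_search_ramfs(systemd_resolved_t) calls carry no note on which mounts systemd-resolved is traversing, and the quoted denials only show name="/" at the root of a tmpfs and a ramfs, both logged with permissive=1. Please state in the commit message which mount points these are and what the daemon needs beneath them, since the interfaces grant search on every directory labelled tmpfs_t and ramfs_t rather than on one path. If the access is incidental path traversal that resolved works without, a dontaudit rule would silence the log without widening the domain; if it is required, a one-line comment above the two calls naming the path would help later audits of this domain.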