From cbf56c8aeacc439047b68b0ab25e1f5ed86a0c14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Thu, 4 Apr 2024 22:38:40 +0200 Subject: [PATCH] systemd: allow notify client to stat socket MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Caused by the latest openssh version in Debian sid: AVC avc: denied { getattr } for pid=13544 comm="sshd" path="/run/systemd/notify" dev="tmpfs" ino=286 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:systemd_runtime_notify_t:s0 tclass=sock_file permissive=0 Signed-off-by: Christian Göttsche --- policy/modules/system/systemd.if | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 28f0ad089..4ad1b4484 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -322,7 +322,7 @@ interface(`systemd_write_notify_socket',`
 init_list_runtime($1)
 init_unix_stream_socket_sendto($1)
- allow $1 systemd_runtime_notify_t:sock_file write;
+ allow $1 systemd_runtime_notify_t:sock_file write_sock_file_perms;
 ')
 ######################################
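Review bot: The new `allow` line grants more than the quoted AVC asks for, and it does so for every domain that calls `systemd_write_notify_socket`, not only `sshd_t`. The denial is for `getattr` alone, while `write_sock_file_perms` in refpolicy's permission sets expands to `{ getattr write open append }` (worth confirming against obj_perm_sets.spt in this tree). If the broader set is intended as the usual refpolicy idiom, a short comment above the rule such as `# notify clients may stat the socket before sending (seen with sshd)` would record why. If least privilege is preferred, `allow $1 systemd_runtime_notify_t:sock_file { getattr write };` covers the logged denial without adding `open` and `append`. The interface body and its summary block start outside this hunk, so whether the documented description still matches the granted access cannot be checked from here.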