userdomain: allow netlink_kobject_uvent_socket creation
Not auditing this turns out to be the wrong choice for several reasons. For normal application functioning, the user domain should be able to create netlink_kobject_uevent_socket sockets. Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
parent
794ed7efd0
commit
ff8675f1c8
@ -530,8 +530,8 @@ template(`userdom_common_user_template',`
|
||||
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
|
||||
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
|
||||
|
||||
# gnome-settings-daemon tries to create a netlink socket
|
||||
dontaudit $1_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
# gnome-settings-daemon and some applications create a netlink socket
|
||||
allow $1_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
|
||||
allow $1_t unpriv_userdomain:fd use;
|
||||
|
||||
|
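Review bot: The new `allow` line gives every domain built from `userdom_common_user_template` the whole `create_socket_perms` set, which also carries `write`, `connect`, `setattr` and `append`, more than a process that only listens for kobject uevents would appear to need. If the denials that motivated the change are limited to socket setup and receive, a narrower rule such as `allow $1_t self:netlink_kobject_uevent_socket { create bind read getattr getopt setopt };` keeps the grant at least privilege; the exact set should be confirmed against the logged AVC denials. The comment above the rule could also name the applications and the reason the access is needed, since the commit message mentions "several reasons" without listing them. The template body starts and ends outside this hunk, so any other rule for the same class elsewhere in it is not visible here.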