diff options
author | Antoine Tenart <antoine.tenart@bootlin.com> | 2020-08-31 15:38:13 +0200 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2020-10-11 14:00:05 -0700 |
commit | 326c950e7b3c5e3ab77aff79f16e6440421f47ae (patch) | |
tree | 35095645713cac574f04f9929f37e3cd758ca8d0 /policy/modules/system/udev.te | |
parent | .travis.yml: Point selint at only the policy dir. (diff) | |
download | hardened-refpolicy-326c950e7b3c5e3ab77aff79f16e6440421f47ae.tar.gz hardened-refpolicy-326c950e7b3c5e3ab77aff79f16e6440421f47ae.tar.bz2 hardened-refpolicy-326c950e7b3c5e3ab77aff79f16e6440421f47ae.zip |
udev: allow udevadm to retrieve xattrs
Fixes:
avc: denied { getattr } for pid=50 comm="udevadm" name="/" dev="vda"
ino=2 scontext=system_u:system_r:udevadm_t
tcontext=system_u:object_r:fs_t tclass=filesystem permissive=0
avc: denied { getattr } for pid=52 comm="udevadm" name="/" dev="vda"
ino=2 scontext=system_u:system_r:udevadm_t
tcontext=system_u:object_r:fs_t tclass=filesystem permissive=0
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy/modules/system/udev.te')
-rw-r--r-- | policy/modules/system/udev.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index 49380fb2c..2ef2337e3 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -451,3 +451,5 @@ kernel_read_kernel_sysctls(udevadm_t) kernel_read_system_state(udevadm_t) seutil_read_file_contexts(udevadm_t) + +fs_getattr_xattr_fs(udevadm_t) |