commit: 539a006d1873378406f513df611ebc0069c04211
Author: Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Wed Dec 7 15:47:40 2022 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 19:07:40 2022 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=539a006d
userdom: allow admin users to use tcpdiag netlink sockets
Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/system/userdomain.if | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/userdomain.if
b/policy/modules/system/userdomain.if
index f3308eca2..9348e4f25 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1355,6 +1355,7 @@ template(`userdom_admin_user_template',`
allow $1_t self:cap_userns sys_ptrace;
allow $1_t self:process { setexec setfscreate };
allow $1_t self:netlink_audit_socket nlmsg_readpriv;
+ allow $1_t self:netlink_tcpdiag_socket create_netlink_socket_perms;
allow $1_t self:tun_socket create;
# Set password information for other users.
allow $1_t self:passwd { passwd chfn chsh };
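Review bot: The added `netlink_tcpdiag_socket` rule grants `create_netlink_socket_perms`, which in refpolicy's permission sets normally expands to include `nlmsg_write` as well as `nlmsg_read`. That macro definition is not visible on this page, so confirm it. For this socket class, `nlmsg_write` covers socket-destroy requests rather than just socket state queries, so every domain built from `userdom_admin_user_template` gains more than read-only diagnostics. If the goal is only to let admin users run `ss`-style queries (the commit message does not say), the narrower `allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;` would be enough. Either way, a short comment above the rule such as `# Query socket statistics (e.g. ss).` would record the intent, as the neighbouring `# Set password information for other users.` does for its rule. The template body starts and ends outside this hunk, so other rules in it may already constrain or justify the wider grant.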