commit: 78f22e0b8a1383ea39c7621a85f8172010b2a7fb
Author: Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Thu Mar 2 07:04:40 2023 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Mar 31 17:11:22 2023 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=78f22e0b
zfs: allow sending signals to itself
Required for zfs snapshot.
Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/services/zfs.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/services/zfs.te b/policy/modules/services/zfs.te
index ebe389e05..bba787136 100644
--- a/policy/modules/services/zfs.te
+++ b/policy/modules/services/zfs.te
@@ -76,7 +76,7 @@ zfs_rw_zpool_cache(zed_t)
# zfs local policy
#
-allow zfs_t self:process { getsched signull };
+allow zfs_t self:process { getsched signal signull };
allow zfs_t self:capability { sys_admin sys_rawio };
allow zfs_t self:fifo_file rw_fifo_file_perms;
