commit: cf0d634a0c0ea69374f2cf0c13bd08a5567e36f6
Author: Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Mon Mar 6 15:28:22 2023 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Mar 31 17:11:32 2023 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=cf0d634a
raid: allow mdadm to read udev runtime files
This fixes this AVC:
avc: denied { getattr } for pid=2238 comm="mdadm" path="/run/udev"
dev="tmpfs" ino=52 scontext=system_u:system_r:mdadm_t:s0
tcontext=system_u:object_r:udev_runtime_t:s0 tclass=dir permissive=0
Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/system/raid.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te
index 5d44696cf..bd0c4bb85 100644
--- a/policy/modules/system/raid.te
+++ b/policy/modules/system/raid.te
@@ -85,6 +85,8 @@ logging_send_syslog_msg(mdadm_t)
miscfiles_read_localization(mdadm_t)
+udev_read_runtime_files(mdadm_t)
+
userdom_use_user_terminals(mdadm_t)
userdom_dontaudit_use_unpriv_user_fds(mdadm_t)
userdom_dontaudit_search_user_home_content(mdadm_t)
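Review bot: the added udev_read_runtime_files(mdadm_t) line grants more than the quoted denial shows is needed. The AVC in the commit message is only { getattr } on the /run/udev directory (tclass=dir), while this interface, going by its name, also lets mdadm_t read files labeled udev_runtime_t. If mdadm does go on to read files under /run/udev once the directory check passes, state that in the commit message, ideally with the follow-up denial. Otherwise consider limiting the rule to directory getattr/search access so the domain keeps least privilege. Since the denial was logged with permissive=0, any access mdadm would have attempted after the failed getattr never reached the log, so a permissive-mode run would show what it really needs.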