commit:     34127751552f504b35300a30876eda61b0f38733
Author:     Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Tue Mar  7 00:15:24 2023 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Mar 31 17:11:32 2023 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=34127751

init: allow initrc_t to create netlink_kobject_uevent_sockets

Needed by rdma-ndd, which is automatically started by udev when an RDMA
device with a node description is present.

Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

 policy/modules/system/init.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 936b212eb..999721551 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -705,6 +705,7 @@ allow initrc_t self:process { getcap getpgid setsched 
setpgid setrlimit getsched
 allow initrc_t self:capability { chown dac_override dac_read_search fowner 
fsetid kill setgid setuid setpcap linux_immutable net_bind_service 
net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot 
sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config 
mknod lease audit_write audit_control setfcap };
 allow initrc_t self:capability2 { wake_alarm block_suspend };
 dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
+allow initrc_t self:netlink_kobject_uevent_socket create_socket_perms; # 
needed by rdma-ndd
 allow initrc_t self:passwd rootok;
 allow initrc_t self:key manage_key_perms;
 
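Review bot: The added `allow initrc_t self:netlink_kobject_uevent_socket create_socket_perms;` rule grants the permission to every process running in initrc_t, not only to rdma-ndd, so any init script can now create and bind a kobject uevent socket; if rdma-ndd can be given its own domain, that would keep the grant out of the generic init-script domain. If a dedicated domain is not planned, the trailing comment should say why the rule lives here, e.g. `# needed by rdma-ndd (started by udev, runs in initrc_t)`. The commit message spells the daemon `rdma-rdd` while the in-policy comment says `rdma-ndd`; the rdma-core daemon is rdma-ndd, so the message should be corrected to match. Note that the `+` line and its comment are wrapped across two lines in this rendering but are a single line in the file.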
