From 0b67d4d4f01428ebf80f2b695c970a27ed620b03 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Wed, 31 May 2023 08:54:38 +0200
Subject: [PATCH] Allow exim read network sysctls

The commit addresses the following AVC denial:
type=AVC msg=audit(1685423685.876:788): avc: denied { search } for pid=41331 comm="exim" name="net" dev="proc" ino=736304 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0
Resolves: rhbz#2211025
---
 policy/modules/contrib/exim.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/contrib/exim.te b/policy/modules/contrib/exim.te
index 6e6792b06d..8ca4e25045 100644
--- a/policy/modules/contrib/exim.te
+++ b/policy/modules/contrib/exim.te
@@ -104,6 +104,7 @@ can_exec(exim_t, exim_exec_t)
 kernel_read_crypto_sysctls(exim_t)
 kernel_read_kernel_sysctls(exim_t)
+kernel_read_net_sysctls(exim_t)
 kernel_read_network_state(exim_t)
 kernel_read_system_state(exim_t)
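Review bot: The denial quoted in the commit message shows only `{ search }` on the `net` directory and was logged with `permissive=0`, so the added `kernel_read_net_sysctls(exim_t)` grants more than that record evidences: as far as I know the interface also allows listing and reading every `sysctl_net_t` file, and in enforcing mode the access that follows the search never reaches the log. It would help to reproduce in permissive mode and record which entry under /proc/sys/net exim actually opens. If only traversal turns out to be needed, `kernel_search_network_sysctl(exim_t)` is the narrower grant; if a file read is confirmed, keep the line and add a comment such as `# exim reads <sysctl path> under /proc/sys/net, rhbz#2211025`. The surrounding kernel_* block begins and ends outside this hunk.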