packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
selinux-policy/backport-Allow-chronyc-read-and-write-generic-pty-type.patch
zcfsite 70654a7719 backport upstream patches
2023-06-30 17:29:07 +08:00

27 lines
1.5 KiB
Diff
Raw Permalink Blame History

From 822a150f673b5d376d077777d0bb41cbd3352c6b Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 22 Aug 2022 12:44:49 +0200
Subject: [PATCH] Allow chronyc read and write generic pty type
Addresses the following AVC denial:
type=PROCTITLE msg=audit(22.08.2022 11:35:41.535:261) : proctitle=/usr/bin/chronyc sources
type=EXECVE msg=audit(22.08.2022 11:35:41.535:261) : argc=2 a0=/usr/bin/chronyc a1=sources
type=SYSCALL msg=audit(22.08.2022 11:35:41.535:261) : arch=x86_64 syscall=execve success=yes exit=0 a0=0x7ffeb8105f8f a1=0x7ffeb81049e8 a2=0x7ffeb8104a00 a3=0x8 items=0 ppid=3294 pid=3295 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=chronyc exe=/usr/bin/chronyc subj=system_u:system_r:chronyc_t:s0 key=(null)
type=AVC msg=audit(22.08.2022 11:35:41.535:261) : avc: denied { read write } for pid=3295 comm=chronyc path=/dev/pts/1 dev="devpts" ino=4 scontext=system_u:system_r:chronyc_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=0
---
policy/modules/contrib/chronyd.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/policy/modules/contrib/chronyd.te b/policy/modules/contrib/chronyd.te
index 342735bc0c..3c69b3ddd6 100644
--- a/policy/modules/contrib/chronyd.te
+++ b/policy/modules/contrib/chronyd.te
@@ -237,3 +237,7 @@ userdom_users_dgram_send(chronyc_t)
optional_policy(`
nscd_shm_use(chronyc_t)
')
+
+optional_policy(`
+ term_use_generic_ptys(chronyc_t)
+')
Reference in New Issue View Git Blame Copy Permalink