packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
selinux-policy/backport-Allow-pkcs_slotd_t-bpf-capability-to-run-bpf-program.patch

23 lines
855 B
Diff
Raw Permalink Blame History

From 33f983cf633bbdfba33958ee313f469b869f3c30 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Thu, 27 Oct 2022 14:27:43 +0200
Subject: [PATCH] Allow pkcs_slotd_t bpf capability to run bpf programs
Resolves: rhbz#2134827
---
policy/modules/contrib/pkcs.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/pkcs.te b/policy/modules/contrib/pkcs.te
index 4eb8a50c83..babcc56f60 100644
--- a/policy/modules/contrib/pkcs.te
+++ b/policy/modules/contrib/pkcs.te
@@ -47,6 +47,7 @@ systemd_unit_file(pkcs_slotd_unit_file_t)
#
allow pkcs_slotd_t self:capability { fsetid kill chown };
+allow pkcs_slotd_t self:capability2 bpf;
allow pkcs_slotd_t self:fifo_file rw_fifo_file_perms;
allow pkcs_slotd_t self:netlink_kobject_uevent_socket create_socket_perms;
allow pkcs_slotd_t self:sem create_sem_perms;
Reference in New Issue View Git Blame Copy Permalink