packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
selinux-policy/backport-Allow-rpc.gssd-read-network-sysctls.patch
qsw33 703c655d68 merge patch
2023-08-24 11:33:18 +08:00

28 lines
1.0 KiB
Diff
Raw Permalink Blame History

From d6bb54218c4b3f5cbed4c3b7115dc43793ebdcba Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Wed, 16 Nov 2022 16:37:54 +0100
Subject: [PATCH] Allow rpc.gssd read network sysctls
Addresses the following AVC denial:
type=AVC msg=audit(1668606673.80:374): avc: denied { read } for pid=1236 comm="rpc.gssd" name="disable_ipv6" dev="proc" ino=32004 scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=0
Resolves: rhbz#2143271
---
policy/modules/contrib/rpc.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te
index a13661a797..f94cfa5d24 100644
--- a/policy/modules/contrib/rpc.te
+++ b/policy/modules/contrib/rpc.te
@@ -369,7 +369,7 @@ kernel_read_system_state(gssd_t)
kernel_read_network_state(gssd_t)
kernel_read_network_state_symlinks(gssd_t)
kernel_request_load_module(gssd_t)
-kernel_search_network_sysctl(gssd_t)
+kernel_read_net_sysctls(gssd_t)
kernel_signal(gssd_t)
corecmd_exec_bin(gssd_t)
Reference in New Issue View Git Blame Copy Permalink