selinux-policy/backport-Allow-tlp-read-generic-SSL-certificates.patch
2023-08-24 11:33:18 +08:00

From 610162346b12f1d34198fb8f435e2426bc28462c Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Thu, 22 Dec 2022 12:05:13 +0100
Subject: [PATCH] Allow tlp read generic SSL certificates

Addresses the following AVC denial and further ones:
type=AVC msg=audit(1659568944.632:728): avc: denied { search } for pid=34604 comm="modinfo" name="pki" dev="dm-1" ino=2490465 scontext=system_u:system_r:tlp_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=0

Resolves: rhbz#2115141
---
policy/modules/contrib/tlp.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/contrib/tlp.te b/policy/modules/contrib/tlp.te
index 38ba44adb9..f73b8bbdcf 100644
--- a/policy/modules/contrib/tlp.te
+++ b/policy/modules/contrib/tlp.te
@@ -65,6 +65,8 @@ files_load_kernel_modules(tlp_t)
init_status(tlp_t)
init_stream_connectto(tlp_t)
+miscfiles_read_generic_certs(tlp_t)
+
modutils_exec_kmod(tlp_t)
modutils_read_module_config(tlp_t)
modutils_read_module_deps_files(tlp_t)
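
Review bot: the added miscfiles_read_generic_certs(tlp_t) line gives tlp_t read access to cert_t content, but the only denial quoted in the commit message is a { search } on the pki directory by modinfo, so the grant is wider than the evidence shown. Either list the "further ones" in the commit message so the read access is justified, or restrict the rule to directory search if that is all modinfo needs. A one-line comment above the call noting that modinfo running in tlp_t triggers this access would also help later audits of tlp.te.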