selinux-policy/backport-Allow-exim-read-network-sysctls.patch
2023-08-24 11:33:18 +08:00

From 0b67d4d4f01428ebf80f2b695c970a27ed620b03 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Wed, 31 May 2023 08:54:38 +0200
Subject: [PATCH] Allow exim read network sysctls

The commit addresses the following AVC denial:
type=AVC msg=audit(1685423685.876:788): avc: denied { search } for pid=41331 comm="exim" name="net" dev="proc" ino=736304 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0

Resolves: rhbz#2211025
---
policy/modules/contrib/exim.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/exim.te b/policy/modules/contrib/exim.te
index 6e6792b06d..8ca4e25045 100644
--- a/policy/modules/contrib/exim.te
+++ b/policy/modules/contrib/exim.te
@@ -104,6 +104,7 @@ can_exec(exim_t, exim_exec_t)
kernel_read_crypto_sysctls(exim_t)
kernel_read_kernel_sysctls(exim_t)
+kernel_read_net_sysctls(exim_t)
kernel_read_network_state(exim_t)
kernel_read_system_state(exim_t)
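
Review bot: The added `kernel_read_net_sysctls(exim_t)` line is justified only by a `{ search }` denial on the `net` directory, and that denial was logged with `permissive=0`, so it records just the first blocked access and not what exim went on to read under that directory. Please name in the commit message the network sysctl exim actually reads, or note that a permissive-mode run produced no further denials for `exim_t` against `sysctl_net_t`, so the reader can tell that the read interface is the right scope and that nothing else is still missing. The placement between `kernel_read_kernel_sysctls` and `kernel_read_network_state` keeps the block's alphabetical order, so no change is needed there.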