33 lines
1.3 KiB
Diff
33 lines
1.3 KiB
Diff
From e485345b572121f09778da9c146cf1bcd22ae0cf Mon Sep 17 00:00:00 2001
|
|
From: Zdenek Pytela <zpytela@redhat.com>
|
|
Date: Mon, 12 Sep 2022 17:26:03 +0200
|
|
Subject: [PATCH] Allow tor get filesystem attributes
|
|
|
|
In particular, attributes of cgroup filesystems and generic filesystems
|
|
with extended attributes.
|
|
|
|
Addresses the following AVC denials:
|
|
|
|
type=AVC msg=audit(1633585335.809:601): avc: denied { getattr } for pid=1881 comm="tor" name="/" dev="cgroup2" ino=1 scontext=system_u:system_r:tor_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=filesystem permissive=1
|
|
type=AVC msg=audit(1633585335.809:602): avc: denied { getattr } for pid=1881 comm="tor" name="/" dev="dm-0" ino=256 scontext=system_u:system_r:tor_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=1
|
|
|
|
Resolves: rhbz#2012006
|
|
---
|
|
policy/modules/contrib/tor.te | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/policy/modules/contrib/tor.te b/policy/modules/contrib/tor.te
|
|
index 0dc670b885..ae36c255ca 100644
|
|
--- a/policy/modules/contrib/tor.te
|
|
+++ b/policy/modules/contrib/tor.te
|
|
@@ -124,6 +124,9 @@ domain_use_interactive_fds(tor_t)
|
|
|
|
files_read_etc_runtime_files(tor_t)
|
|
|
|
+fs_getattr_cgroup(tor_t)
|
|
+fs_getattr_xattr_fs(tor_t)
|
|
+
|
|
auth_use_nsswitch(tor_t)
|
|
|
|
logging_send_syslog_msg(tor_t)
|