selinux-policy/backport-Allow-pcscd-bpf-capability-to-run-bpf-programs.patch
2023-08-24 11:33:18 +08:00


From 991e1cd627e9dba1bb5a89ca87c90b2542453018 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Thu, 27 Oct 2022 14:23:35 +0200
Subject: [PATCH] Allow pcscd bpf capability to run bpf programs
Resolves: rhbz#2134827
---
policy/modules/contrib/pcscd.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/pcscd.te b/policy/modules/contrib/pcscd.te
index d0d83da261..5b22ac8268 100644
--- a/policy/modules/contrib/pcscd.te
+++ b/policy/modules/contrib/pcscd.te
@@ -23,7 +23,7 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd")
allow pcscd_t self:capability { dac_read_search fsetid };
dontaudit pcscd_t self:capability { sys_admin };
-allow pcscd_t self:capability2 { wake_alarm };
+allow pcscd_t self:capability2 { bpf wake_alarm };
allow pcscd_t self:cap_userns sys_ptrace;
allow pcscd_t self:process { signal signull };
dontaudit pcscd_t self:process setsched;
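Review bot: The changed `allow pcscd_t self:capability2 { bpf wake_alarm };` line grants the smart-card daemon CAP_BPF with no comment in pcscd.te saying which code path needs it; the only rationale is the bug number in the commit message. A short comment above the rule, for example `# CAP_BPF is requested by pcscd at runtime, see rhbz#2134827`, would let a later audit judge whether the grant is still needed. Since the line above already silences `sys_admin` with `dontaudit`, it is worth stating why `bpf` is allowed rather than dontaudited. The `capability2 bpf` permission only covers the capability check; loading and running programs is gated separately by the `bpf` object class (`prog_load`, `prog_run`, `map_*`), which this hunk does not touch. Whether pcscd_t already holds those permissions cannot be seen from here and should be checked to understand the full privilege this change enables.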