diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0045-policy-modules-system-udev-allow-udevadm_t-to-search.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0045-policy-modules-system-udev-allow-udevadm_t-to-search.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0045-policy-modules-system-udev-allow-udevadm_t-to-search.patch b/recipes-security/refpolicy/refpolicy/0045-policy-modules-system-udev-allow-udevadm_t-to-search.patch new file mode 100644 index 0000000..03d9552 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0045-policy-modules-system-udev-allow-udevadm_t-to-search.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From bd03c34ab3c193d6c21a6c0b951e89dd4e24eee6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yi Zhao <yi.zhao@windriver.com> | ||
3 | Date: Fri, 19 Jun 2020 15:21:26 +0800 | ||
4 | Subject: [PATCH] policy/modules/system/udev: allow udevadm_t to search bin dir | ||
5 | |||
6 | Fixes: | ||
7 | audit: type=1400 audit(1592894099.930:6): avc: denied { search } for | ||
8 | pid=153 comm="udevadm" name="bin" dev="vda" ino=13 | ||
9 | scontext=system_u:system_r:udevadm_t tcontext=system_u:object_r:bin_t | ||
10 | tclass=dir permissive=0 | ||
11 | |||
12 | Upstream-Status: Inappropriate [embedded specific] | ||
13 | |||
14 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
15 | --- | ||
16 | policy/modules/system/udev.te | 2 ++ | ||
17 | 1 file changed, 2 insertions(+) | ||
18 | |||
19 | diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te | ||
20 | index 52da11acd..3a4d7362c 100644 | ||
21 | --- a/policy/modules/system/udev.te | ||
22 | +++ b/policy/modules/system/udev.te | ||
23 | @@ -415,6 +415,8 @@ dev_read_urand(udevadm_t) | ||
24 | files_read_etc_files(udevadm_t) | ||
25 | files_read_usr_files(udevadm_t) | ||
26 | |||
27 | +corecmd_search_bin(udevadm_t) | ||
28 | + | ||
29 | init_list_runtime(udevadm_t) | ||
30 | init_read_state(udevadm_t) | ||
31 | |||
32 | -- | ||
33 | 2.17.1 | ||
34 | |||