packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
selinux-policy/backport-Allow-ipsec_t-read-write-tpm-devices.patch
lujie42 8f5a7284a7 update upstream patches
2022-11-28 10:41:07 +08:00

31 lines
1016 B
Diff
Raw Blame History

From c836064999e34f071b4b411c47b87d544cd8f6d4 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Wed, 31 Aug 2022 18:58:39 +0200
Subject: [PATCH] Allow ipsec_t read/write tpm devices
Addresses the following AVC denial:
type=AVC msg=audit(1652729361.214:334): avc: denied { getattr } for pid=1642 comm="charon" path="/dev/tpmrm0" dev="devtmpfs" ino=135 scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:tpm_device_t:s0 tclass=chr_file permissive=0
Resolves: rhbz#2086926
Signed-off-by: lujie42 <lujie54@huawei.com>
---
policy/modules/system/ipsec.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index 43186c0b9..cd432b15f 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -180,6 +180,7 @@ corenet_rw_tun_tap_dev(ipsec_t)
dev_read_sysfs(ipsec_t)
dev_read_rand(ipsec_t)
dev_read_urand(ipsec_t)
+dev_rw_tpm(ipsec_t)
domain_use_interactive_fds(ipsec_t)
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink