udev: allow reading ZFS config

Needed by vdev_id: avc: denied { search } for pid=2670 comm="vdev_id" name="zfs" dev="zfs" ino=93601 scontext=system_u:system_r:udev_t:s0 tcontext=system_u:object_r:zfs_config_t:s0 tclass=dir permissive=0 Signed-off-by: Kenton Groombridge <me@concord.sh> Signed-off-by: Kenton Groombridge <concord@gentoo.org>
author: Kenton Groombridge <me@concord.sh> 2022-09-01 17:53:20 -0400
committer: Kenton Groombridge <concord@gentoo.org> 2022-11-02 10:06:27 -0400
commit: 0f7a02d1495541d1afb2cf2fc3f509decc912ad1 (patch)
tree: 0c014a0381604cf2054f8fb3debb4587f97510f7
parent: systemd, zfs: allow systemd-generator to read zfs config (diff)
download: hardened-refpolicy-0f7a02d1495541d1afb2cf2fc3f509decc912ad1.tar.gz
hardened-refpolicy-0f7a02d1495541d1afb2cf2fc3f509decc912ad1.tar.bz2
hardened-refpolicy-0f7a02d1495541d1afb2cf2fc3f509decc912ad1.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 37f8e1a65..39111e430 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -401,6 +401,10 @@ ifdef(`distro_gentoo',`
 	init_domtrans_script(udev_t)
 ')
 
+optional_policy(`
+	zfs_read_config(udev_t)
+')
+
 ########################################
 #
 # udevadm Local policy
author	Kenton Groombridge <me@concord.sh>	2022-09-01 17:53:20 -0400
committer	Kenton Groombridge <concord@gentoo.org>	2022-11-02 10:06:27 -0400
commit	0f7a02d1495541d1afb2cf2fc3f509decc912ad1 (patch)
tree	0c014a0381604cf2054f8fb3debb4587f97510f7
parent	systemd, zfs: allow systemd-generator to read zfs config (diff)
download	hardened-refpolicy-0f7a02d1495541d1afb2cf2fc3f509decc912ad1.tar.gz hardened-refpolicy-0f7a02d1495541d1afb2cf2fc3f509decc912ad1.tar.bz2 hardened-refpolicy-0f7a02d1495541d1afb2cf2fc3f509decc912ad1.zip