diff options
| author |   Dave Sugar <dsugar100@gmail.com> | 2024-05-04 21:19:20 -0400 |
|---|---|---|
| committer |   Kenton Groombridge <concord@gentoo.org> | 2024-05-14 13:41:22 -0400 |
| commit | c6e72252a0d9ec8e88e28e2512737936cec8c3ea (patch) | |
| tree | caa87132487cc421ad5600e2af9d27744dfbe48c | |
| parent | tests.yml: Add sechecker testing. (diff) | |
| download | hardened-refpolicy-c6e72252a0d9ec8e88e28e2512737936cec8c3ea.tar.gz hardened-refpolicy-c6e72252a0d9ec8e88e28e2512737936cec8c3ea.tar.bz2 hardened-refpolicy-c6e72252a0d9ec8e88e28e2512737936cec8c3ea.zip | |
Need map perm for cockpit 300.4
node=localhost type=AVC msg=audit(1714870999.370:3558): avc: denied { map } for pid=7081 comm="cockpit-bridge" path=2F6465762F23373933202864656C6574656429 dev="devtmpfs" ino=793 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_cockpit_tmpfs_t:s0 tclass=file permissive=0
Signed-off-by: Dave Sugar <dsugar100@gmail.com>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
| -rw-r--r-- | policy/modules/services/cockpit.if | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/services/cockpit.if b/policy/modules/services/cockpit.if index 1a13f4e5..bde2bfad 100644 --- a/policy/modules/services/cockpit.if +++ b/policy/modules/services/cockpit.if @@ -49,7 +49,7 @@ template(`cockpit_role_template',` files_tmpfs_file($1_cockpit_tmpfs_t) dev_filetrans($2, $1_cockpit_tmpfs_t, file) - allow $2 $1_cockpit_tmpfs_t:file { manage_file_perms execute }; + allow $2 $1_cockpit_tmpfs_t:file { mmap_manage_file_perms execute }; dev_dontaudit_execute_dev_nodes($2) |