commit: 6568c3111734cbf1ad0065d55e920e3835f3d259
Author: Yi Zhao <yi.zhao <AT> windriver <DOT> com>
AuthorDate: Sun Sep 26 05:56:36 2021 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Nov 11 21:26:50 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6568c311
dbus: allow dbus-daemon to map SELinux status page
Fixes:
avc: denied { map } for pid=328 comm="dbus-daemon"
path="/sys/fs/selinux/status" dev="selinuxfs" ino=19
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:security_t tclass=file permissive=0
Signed-off-by: Yi Zhao <yi.zhao <AT> windriver.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/services/dbus.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index a6865834..9d2942f5 100644
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@@ -129,6 +129,7 @@ mls_socket_read_to_clearance(system_dbusd_t)
mls_dbus_recv_all_levels(system_dbusd_t)
selinux_get_fs_mount(system_dbusd_t)
+selinux_use_status_page(system_dbusd_t)
selinux_validate_context(system_dbusd_t)
selinux_compute_access_vector(system_dbusd_t)
selinux_compute_create_context(system_dbusd_t)
