commit: c6e72252a0d9ec8e88e28e2512737936cec8c3ea Author: Dave Sugar <dsugar100 <AT> gmail <DOT> com> AuthorDate: Sun May 5 01:19:20 2024 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Tue May 14 17:41:22 2024 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c6e72252
Need map perm for cockpit 300.4 node=localhost type=AVC msg=audit(1714870999.370:3558): avc: denied { map } for pid=7081 comm="cockpit-bridge" path=2F6465762F23373933202864656C6574656429 dev="devtmpfs" ino=793 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_cockpit_tmpfs_t:s0 tclass=file permissive=0 Signed-off-by: Dave Sugar <dsugar100 <AT> gmail.com> Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/services/cockpit.if | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/services/cockpit.if b/policy/modules/services/cockpit.if
index 1a13f4e5a..bde2bfad5 100644
--- a/policy/modules/services/cockpit.if
+++ b/policy/modules/services/cockpit.if
@@ -49,7 +49,7 @@ template(`cockpit_role_template',`
 files_tmpfs_file($1_cockpit_tmpfs_t)
 dev_filetrans($2, $1_cockpit_tmpfs_t, file)
- allow $2 $1_cockpit_tmpfs_t:file { manage_file_perms execute };
+ allow $2 $1_cockpit_tmpfs_t:file { mmap_manage_file_perms execute };
 dev_dontaudit_execute_dev_nodes($2)
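Review bot: The changed `allow $2 $1_cockpit_tmpfs_t:file { mmap_manage_file_perms execute };` rule now grants write, `map` and `execute` on the same tmpfs type to every role domain that instantiates the template, while the AVC in the commit message shows only `{ map }` denied for one unlinked file on devtmpfs. The denial does not say whether cockpit-bridge maps the file as executable, so it is worth confirming that the pre-existing `execute` is still required alongside `map`, since together they allow a file the domain wrote to be mapped and run. A comment above the rule would record the reason for the next reviewer, e.g. `# cockpit-bridge mmaps the unlinked file it creates under /dev; map is denied without this (cockpit 300.4)`. The body of `cockpit_role_template` begins and ends outside this hunk, so other rules on `$1_cockpit_tmpfs_t` are not visible here.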