systemd: allow notify client to stat socket
Caused by the latest openssh version in Debian sid:

    AVC avc:  denied  { getattr } for  pid=13544 comm="sshd" path="/run/systemd/notify" dev="tmpfs" ino=286 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:systemd_runtime_notify_t:s0 tclass=sock_file permissive=0

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
cgzones committed Apr 13, 2024
1 parent 6507eeb commit cbf56c8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion policy/modules/system/systemd.if
Expand Up @@ -322,7 +322,7 @@ interface(`systemd_write_notify_socket',`

init_list_runtime($1)
init_unix_stream_socket_sendto($1)
allow $1 systemd_runtime_notify_t:sock_file write;
allow $1 systemd_runtime_notify_t:sock_file write_sock_file_perms;
')

######################################
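
Review bot: the replacement line `allow $1 systemd_runtime_notify_t:sock_file write_sock_file_perms;` widens the grant for every domain that calls `systemd_write_notify_socket`, not only sshd_t, while the denial quoted in the commit message is for `getattr` alone. The expansion of `write_sock_file_perms` is not visible in this hunk, so please confirm it adds nothing beyond what a notify client needs; if stat is the only extra access required, writing the set out as `{ getattr write }` keeps the grant readable at the point of use. The interface name still says "write", so its documentation comment should state that callers may now also stat the socket.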