commit: 747810c85068a0c6e3820733e05f4ee9fd820454
Author: Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Sun Oct 6 10:32:03 2019 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Dec 16 13:13:11 2019 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=747810c8
Allow alsa_t to set scheduling priority and send signal to itself
When alsactl is running as a daemon under systemd, it sets its process
priority to be nice to other processes. When the service is stopped, it
signals itself that it needs to exit.
----
time->Sun Oct 6 11:59:59 2019
type=AVC msg=audit(1570355999.755:43): avc: denied { setsched } for pid=794
comm="alsactl" scontext=system_u:system_r:alsa_t:s0
tcontext=system_u:system_r:alsa_t:s0 tclass=process permissive=1
----
time->Sun Oct 6 11:59:59 2019
type=AVC msg=audit(1570355999.755:44): avc: denied { getsched } for pid=794
comm="alsactl" scontext=system_u:system_r:alsa_t:s0
tcontext=system_u:system_r:alsa_t:s0 tclass=process permissive=1
----
time->Sun Oct 6 12:07:26 2019
type=AVC msg=audit(1570356446.747:292): avc: denied { signal } for pid=3585
comm="alsactl" scontext=system_u:system_r:alsa_t:s0
tcontext=system_u:system_r:alsa_t:s0 tclass=process permissive=1
Signed-off-by: Laurent Bigonville <bigon <AT> bigon.be>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/admin/alsa.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
index 6a0e6fa0..1f27ee28 100644
--- a/policy/modules/admin/alsa.te
+++ b/policy/modules/admin/alsa.te
@@ -44,6 +44,7 @@ files_lock_file(alsa_var_lock_t)
allow alsa_t self:capability { dac_override dac_read_search ipc_owner setgid
setuid };
# kill : kill pulseaudio
dontaudit alsa_t self:capability { kill sys_admin };
+allow alsa_t self:process { getsched setsched signal };
allow alsa_t self:sem create_sem_perms;
allow alsa_t self:shm create_shm_perms;
allow alsa_t self:unix_stream_socket { accept listen };
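Review bot: The added `allow alsa_t self:process { getsched setsched signal };` rule has no comment, although the `dontaudit` line just above it documents its `kill` permission, so the reason for these three permissions lives only in the commit message. I would put a line such as `# getsched setsched : alsactl daemon renices itself ; signal : alsactl signals itself on service stop` directly above the rule. The grant itself looks appropriately narrow: it targets `self` only and lists exactly the three permissions in the quoted AVC denials. Those denials were recorded with `permissive=1`, so it is worth confirming in enforcing mode that stopping the service needs nothing beyond `signal`. The alsa_t rule block continues outside this hunk.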