commit: 095fdbed8f005dd9b8614e5c06a60d3e7b927dc2
Author: Krzysztof Nowicki <krissn <AT> op <DOT> pl>
AuthorDate: Wed Aug 12 12:26:35 2020 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb 15 19:49:24 2021 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=095fdbed
Also grant directory permissions in sysnet_manage_config

On systemd, systemd-networkd keeps its configuration in
/etc/systemd/network, where both files and directories are labelled as
net_conf_t. When granting network configuration management permissions
also include directory management rights when systemd is in use.

This fixes denials from udev trying to parse systemd network
configuration.

Signed-off-by: Krzysztof Nowicki <krissn <AT> op.pl>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/sysnetwork.if | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/policy/modules/system/sysnetwork.if
b/policy/modules/system/sysnetwork.if
index a8f619c1..c361cd81 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -541,6 +541,10 @@ interface(`sysnet_manage_config',`
ifdef(`distro_redhat',`
manage_files_pattern($1, net_conf_t, net_conf_t)
')
+
+ ifdef(`init_systemd',`
+ manage_files_pattern($1, net_conf_t, net_conf_t)
+ ')
')
#######################################
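Review bot: The new init_systemd block calls manage_files_pattern($1, net_conf_t, net_conf_t), the same files macro already used in the distro_redhat block just above it, yet the commit message says directory management rights are being added. If callers really need to create or remove net_conf_t directories under /etc/systemd/network, this should be manage_dirs_pattern($1, net_conf_t, net_conf_t) (possibly alongside the files pattern). If the directory access that comes with the files pattern is enough to clear the udev denials, the subject and body should say that instead, so the interface is not read as granting more than it does. Since every caller of sysnet_manage_config inherits the extra access on systemd builds, a one-line comment in the block naming /etc/systemd/network as the reason would also help later audits of this interface.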