commit: 1d87f26bb009966f7bc42131a972c15c911a2d1e
Author: Jonathan Davies <jpds <AT> protonmail <DOT> com>
AuthorDate: Tue Jul 6 14:54:35 2021 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Sep 5 14:26:44 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1d87f26b
sysadm.te: Allow sysadm_t to read/write Xen character devices so userspace
tooling works.
Signed-off-by: Jonathan Davies <jpds <AT> protonmail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/roles/sysadm.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index fdf6b149..3aa6b9d5 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -323,6 +323,10 @@ optional_policy(`
devicekit_admin(sysadm_t, sysadm_r)
')
+optional_policy(`
+ dev_rw_xen(sysadm_t)
+')
+
optional_policy(`
dhcpd_admin(sysadm_t, sysadm_r)
')
