selinux - allow dnsmasq to getattr on fifos
This is presumably libc isatty detection on stdin/out/err. Either way - allowing it is harmless. This fixes: type=1400 audit(): avc: denied { getattr } for comm="dnsmasq" path="pipe:[38315]" dev="pipefs" ino=38315 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=fifo_file permissive=0 Test: built and observed no more avc denials on crosshatch Bug: 77868789 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: Ieab51aeb67ebb85b6c778410ba96963612277ae4
parent
c165185e05
commit
afa10f7223
1 changed files with 1 additions and 1 deletions
|
@ -15,7 +15,7 @@ allow dnsmasq dhcp_data_file:file create_file_perms;
|
|||
|
||||
# Inherit and use open files from netd.
|
||||
allow dnsmasq netd:fd use;
|
||||
allow dnsmasq netd:fifo_file { read write };
|
||||
allow dnsmasq netd:fifo_file { getattr read write };
|
||||
# TODO: Investigate whether these inherited sockets should be closed on exec.
|
||||
allow dnsmasq netd:netlink_kobject_uevent_socket { read write };
|
||||
allow dnsmasq netd:netlink_nflog_socket { read write };
|
||||
|
|
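Review bot: The widened rule `allow dnsmasq netd:fifo_file { getattr read write };` carries no comment saying why `getattr` is needed, and the commit message gives the cause only as a guess ("presumably libc isatty detection"). The policy file is what a later auditor reads, so I would put a line above the rule such as `# getattr: fstat() on the pipes inherited from netd; avc denial observed, likely libc tty detection on stdin/stdout/stderr.` The grant itself looks narrow, since it only exposes metadata of a fifo that dnsmasq already holds through `netd:fd use` with read and write. If the fstat turns out not to affect dnsmasq's behaviour, a `dontaudit` rule for that one permission would silence the denial without growing the allow set, though that would need testing on a device.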