Allow keylime_server_t itself write to keyring

Koncpa · web-flow · commit bb6f4099d71c · 2025-07-09T09:45:09.000+02:00
diff --git a/keylime.te b/keylime.te
@@ -74,6 +74,7 @@ optional_policy(`
 # keylime server policy
 #
 
+allow keylime_server_t self:key { read write };
 allow keylime_server_t self:netlink_route_socket { create_stream_socket_perms nlmsg_read };
 allow keylime_server_t self:udp_socket create_stream_socket_perms;
 

Original file line number	Diff line number	Diff line change
@@ -74,6 +74,7 @@ optional_policy(`
`74`	`74`	`# keylime server policy`
`75`	`75`	`#`
`76`	`76`
	`77`	`+allow keylime_server_t self:key { read write };`
`77`	`78`	`allow keylime_server_t self:netlink_route_socket { create_stream_socket_perms nlmsg_read };`
`78`	`79`	`allow keylime_server_t self:udp_socket create_stream_socket_perms;`
`79`	`80`