Skip to content

Commit 0b3d4bd

Browse files
ca-huzpytela
ca-hu
authored and
zpytela
committed
Allow kmscon to read netlink_kobject_uevent_socket
https://discussion.fedoraproject.org/t/f44-change-proposal-usekmsconvtconsole-systemwide/172602/18 Fixes: time->Sat Nov 15 19:13:29 2025 type=AVC msg=audit(1763244809.103:36160): avc: denied { read } for pid=3419 comm="kmscon" scontext=system_u:system_r:kmscon_t:s0 tcontext=system_u:system_r:kmscon_t:s0 tclass=netlink_kobject_uevent_socket permissive=0
1 parent a0717a5 commit 0b3d4bd

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

policy/modules/contrib/kmscon.te

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ dontaudit kmscon_t self:capability2 block_suspend;
3737
domain_dontaudit_read_all_domains_state(kmscon_t)
3838

3939
# Create an udev monitor
40-
allow kmscon_t self:netlink_kobject_uevent_socket { bind create getopt setopt getattr };
40+
allow kmscon_t self:netlink_kobject_uevent_socket { bind create getopt read setopt getattr };
4141

4242
allow kmscon_t kmscon_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
4343
term_create_pty(kmscon_t, kmscon_devpts_t)

0 commit comments

Comments
 (0)