Commit 792dcf0

Allow nfs generator create and use netlink sockets
The commit addresses the following AVC denial example:

AVC avc: denied { create } for pid=179463 comm="nfs-server-gene" scontext=system_u:system_r:systemd_nfs_generator_t:s0 tcontext=system_u:system_r:systemd_nfs_generator_t:s0 tclass=netlink_route_socket permissive=1

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2394936
1 parent f5b768d commit 792dcf0

1 file changed

+1
-0
lines changed

policy/modules/system/systemd.te

Lines changed: 1 addition & 0 deletions
@@ -1496,6 +1496,7 @@ optional_policy(`
14961496
### nfs generator
14971497
permissive systemd_nfs_generator_t;
14981498
allow systemd_nfs_generator_t self:udp_socket create_socket_perms;
1499+
allow systemd_nfs_generator_t self:netlink_route_socket { create_netlink_socket_perms };
14991500

15001501
### systemd rc_local generator
15011502
init_exec_script_files(systemd_rc_local_generator_t)
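
Review bot: The added rule at new line 1499 grants the whole `create_netlink_socket_perms` set, while the denial quoted in the commit message shows only `{ create }` on `netlink_route_socket`. If the generator only queries routing or interface state, the read-only set `r_netlink_socket_perms` would be the tighter grant; if it does need more, the commit message should say which further permissions were observed. The domain is still `permissive` (line 1497, and `permissive=1` in the AVC), so nothing is being blocked yet and the rule can be narrowed now without risk of breaking the generator. Style: the braces around the single macro are unnecessary and differ from the `udp_socket` rule directly above, which uses `create_socket_perms` bare.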
