Allow kdump work with PrivateTmp

In particular, assign kdumpctl_tmp_t to the systemd_private_tmp_type attribute. The commit addresses the following AVC denial: AVC avc: denied { remove_name } for pid=2386 comm="(sd-rmrf)" name="tmp" dev="vda5" ino=201741 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:kdumpctl_tmp_t:s0 tclass=dir permissive=0 Resolves: rhbz#2246046
zpytela · Nov 13, 2023 · 2fb568c · 2fb568c
1 parent 27d36be
commit 2fb568c
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/policy/modules/contrib/kdump.te b/policy/modules/contrib/kdump.te
@@ -199,6 +199,10 @@ optional_policy(`
         ssh_exec(kdumpctl_t)
 ')
 
+optional_policy(`
+	systemd_private_tmp(kdumpctl_tmp_t)
+')
+
 optional_policy(`
 	unconfined_domain(kdumpctl_t)
 ')