Skip to content

Commit

Permalink
Allow thumb_t append to init unix domain stream sockets
Browse files Browse the repository at this point in the history 
The commit addresses the following AVC denial:
type=AVC msg=audit(1701466420.881:575): avc:  denied  { append } for  pid=22070 comm="gdk-pixbuf-thum" path="socket:[25140]" dev="sockfs" ino=25140 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket permissive=0

Resolves: rhbz#2252637
  • Loading branch information
@zpytela
zpytela committed Dec 15, 2023
1 parent 6d02e2e commit b3dfad5
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions policy/modules/contrib/thumb.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,8 @@ tunable_policy(`selinuxuser_execmod',`
libs_legacy_use_shared_libs(thumb_t)
')

init_append_stream_sockets(thumb_t)

libs_dontaudit_setattr_lib_dirs(thumb_t)

logging_send_syslog_msg(thumb_t)
Expand Down

0 comments on commit b3dfad5

Please sign in to comment.