Allow virtnetworkd domain transition on tc command execution
The tc command is from the iproute-tc (Linux Traffic Control utility)
package and has the ifconfig_exec_t type, as well as the ip command.

The commit addresses the following issues reported in journal:
hostname audit[1112]: AVC avc:  denied  { execute } for  pid=1112 comm="rpc-virtnetwork" name="tc" dev="vda5" ino=71062 scontext=system_u:system_r:virtnetworkd_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
hostname virtnetworkd[1112]: Cannot find 'tc' in path: No such file or directory
zpytela committed Oct 19, 2023
1 parent ba41134 commit da00af2
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions policy/modules/contrib/virt.te
Expand Up @@ -1885,6 +1885,7 @@ corenet_rw_tun_tap_dev(virtnetworkd_t)

dev_rw_sysfs(virtnetworkd_t)

sysnet_domtrans_ifconfig(virtnetworkd_t)
sysnet_read_config(virtnetworkd_t)

optional_policy(`
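
Review bot: the added sysnet_domtrans_ifconfig(virtnetworkd_t) line carries no comment tying it to tc, and the transition it grants applies to every binary labelled ifconfig_exec_t (the commit message notes that ip shares the type), not only tc. A one-line comment above it naming tc and ip would document the intent. Also, the quoted AVC was logged with permissive=0, so it only shows the first denial (execute); please confirm that tc, once running in the ifconfig domain on behalf of virtnetworkd, completes without further denials, for example by re-running the scenario with the new rule loaded and checking the journal again.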