Allow virtnetworkd domain transition on tc command execution
The tc command is from the iproute-tc (Linux Traffic Control utility)
package and has the ifconfig_exec_t type, as well as the ip command.

The commit addresses the following issues reported in journal:
hostname audit[1112]: AVC avc:  denied  { execute } for  pid=1112 comm="rpc-virtnetwork" name="tc" dev="vda5" ino=71062 scontext=system_u:system_r:virtnetworkd_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
hostname virtnetworkd[1112]: Cannot find 'tc' in path: No such file or directory

Resolves: rhbz#2244759
zpytela committed Nov 23, 2023
1 parent e138fb7 commit eba81d0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions policy/modules/contrib/virt.te
Expand Up @@ -1885,6 +1885,7 @@ corenet_rw_tun_tap_dev(virtnetworkd_t)

dev_rw_sysfs(virtnetworkd_t)

sysnet_domtrans_ifconfig(virtnetworkd_t)
sysnet_read_config(virtnetworkd_t)

optional_policy(`
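
Review bot: the sysnet_domtrans_ifconfig(virtnetworkd_t) line has no comment tying it to tc, and the interface is not specific to tc: it allows the transition for any file labeled ifconfig_exec_t, which per the commit message also covers ip. The journal excerpt only shows an execute denial on name="tc", so consider adding a one-line comment above the call naming tc and rhbz#2244759, and stating in the commit message whether running ip from virtnetworkd_t through the same transition is intended. It would also help to note whether tc was re-tested in enforcing mode after the change, since the AVC was logged with permissive=0 and further denials in the target domain would only appear once the execute check passes.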