Allow virtnetworkd domain transition on tc command execution
The tc command is from the iproute-tc (Linux Traffic Control utility)
package and has the ifconfig_exec_t type, as well as the ip command.

The commit addresses the following issues reported in journal:
hostname audit[1112]: AVC avc:  denied  { execute } for  pid=1112 comm="rpc-virtnetwork" name="tc" dev="vda5" ino=71062 scontext=system_u:system_r:virtnetworkd_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
hostname virtnetworkd[1112]: Cannot find 'tc' in path: No such file or directory

Resolves: rhbz#2244759
zpytela committed Nov 15, 2023
1 parent ba41134 commit fad3b61
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions policy/modules/contrib/virt.te
Expand Up @@ -1885,6 +1885,7 @@ corenet_rw_tun_tap_dev(virtnetworkd_t)

dev_rw_sysfs(virtnetworkd_t)

sysnet_domtrans_ifconfig(virtnetworkd_t)
sysnet_read_config(virtnetworkd_t)

optional_policy(`
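
Review bot: The quoted AVC was recorded with permissive=0 and shows only the { execute } denial, so the sysnet_domtrans_ifconfig(virtnetworkd_t) line in this hunk is verified against the first failure only. Once tc runs in the transitioned domain instead of virtnetworkd_t, any further access it needs on behalf of the daemon would surface as new denials that the enforcing-mode log could not have shown. Please re-run the reproducer from rhbz#2244759 with the domain in permissive mode and confirm the journal is clean before closing the bug. Note also that the interface keys on the ifconfig_exec_t type rather than on the tc binary, so per the commit message the same transition now applies when virtnetworkd_t executes ip. That looks intended, but it is worth saying so in the commit message so the scope of the grant is on record.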