Update the userdomain base module so that denials of an unneeded
permission are not audited.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/system/userdomain.if | 3 +++
1 file changed, 3 insertions(+)
--- refpolicy-2.20170204-orig/policy/modules/system/userdomain.if 2016-12-17 14:15:16.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/system/userdomain.if 2017-04-13 21:23:08.297212706 +0200
@@ -507,6 +510,9 @@ template(`userdom_common_user_template',
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
+ # gnome-settings-daemon tries to create a netlink socket
+ dontaudit $1_t self:netlink_kobject_uevent_socket create_socket_perms;
+
allow $1_t unpriv_userdomain:fd use;
kernel_read_system_state($1_t)
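Review bot: The added `dontaudit` on `netlink_kobject_uevent_socket` hides the whole `create_socket_perms` set for every domain instantiated from `userdom_common_user_template`, although the comment only describes gnome-settings-daemon trying to create the socket. Since a denied `create` leaves no socket for later operations, `dontaudit $1_t self:netlink_kobject_uevent_socket create;` would presumably silence the same noise while keeping any other denial on this class visible in the audit log. I would also extend the comment to say that the access is denied on purpose and only hidden, e.g. `# gnome-settings-daemon tries to create a netlink socket; not needed, denial is silenced (rebuild with semodule -DB to see it)`. The template body starts and ends outside this hunk.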