Skip to content
Snippets Groups Projects
Commit 912f3c10 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

allow init to read symlinks in sys 

avc: denied { read } for name="device" dev="sysfs" ino=36099 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_rmtfs:s0 tclass=lnk_file

init is already allowed to read directories, this is an obvious omission.

Change-Id: I5131a84bb67e73aaed235c3cbab95c365eaaa2f0
parent 9fca8a39
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 0 deletions
init.te
+ 1
0
View file @ 912f3c10
...@@ -199,6 +199,7 @@ allow init self:capability sys_boot; ...@@ -199,6 +199,7 @@ allow init self:capability sys_boot;
# Write to sysfs nodes. # Write to sysfs nodes.
allow init sysfs_type:dir r_dir_perms; allow init sysfs_type:dir r_dir_perms;
allow init sysfs_type:lnk_file read;
allow init sysfs_type:file w_file_perms; allow init sysfs_type:file w_file_perms;
# disksize # disksize
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment