Skip to content
Snippets Groups Projects
Commit b3007650 authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Allow ppp to inherit/use mtp unix datagram socket. 


Resolves denials such as:
avc:  denied  { read write } for  path="socket:[33571]" dev="sockfs" ino=33571 scontext=u:r:ppp:s0 tcontext=u:r:mtp:s0 tclass=unix_dgram_socket

Change-Id: Icb1ee00d8513179039bfb738647f49480e836f25
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 02e71525
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 0 deletions
ppp.te
+ 1
0
View file @ b3007650
...@@ -8,6 +8,7 @@ domain_auto_trans(mtp, ppp_exec, ppp) ...@@ -8,6 +8,7 @@ domain_auto_trans(mtp, ppp_exec, ppp)
net_domain(ppp) net_domain(ppp)
allow ppp mtp:socket rw_socket_perms; allow ppp mtp:socket rw_socket_perms;
allow ppp mtp:unix_dgram_socket rw_socket_perms;
allow ppp ppp_device:chr_file rw_file_perms; allow ppp ppp_device:chr_file rw_file_perms;
allow ppp self:capability net_admin; allow ppp self:capability net_admin;
allow ppp system_file:file rx_file_perms; allow ppp system_file:file rx_file_perms;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment