Allow apcupsd's apccontrol to send messages using wall · fedora-selinux/selinux-policy@e8fe592

Commit

Allow apcupsd's apccontrol to send messages using wall

Fixes these AVC denials:
type=AVC .. avc: denied { read } for pid=4272 comm="wall" name="sessions" dev="tmpfs" ino=85 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=dir
type=AVC .. avc: denied { read } for pid=4272 comm="wall" name="1" dev="tmpfs" ino=2016 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file
type=AVC .. avc: denied { open } for pid=4272 comm="wall" path="/run/systemd/sessions/1" dev="tmpfs" ino=2016 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file
type=AVC .. avc: denied { getattr } for pid=4272 comm="wall" path="/run/systemd/sessions/1" dev="tmpfs" ino=2016 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file

Resolves: bsc#1235688
Signed-off-by: Robert Frohl <[email protected]>

Loading branch information

rfrohl authored and zpytela committed Jan 29, 2025

1 parent 916687c commit e8fe592

policy/modules/contrib/apcupsd.te

-Original file line number
+Diff line change
@@ Expand Up / @@ -113,6 +113,7 @@ logging_send_syslog_msg(apcupsd_t) @@
     sysnet_dns_name_resolve(apcupsd_t)
     systemd_dbus_chat_logind(apcupsd_t)
+    systemd_read_logind_sessions_files(apcupsd_t)
     userdom_use_inherited_user_ttys(apcupsd_t)
@@ Expand Down @@

0 comments on commit `e8fe592`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `e8fe592`

Commit

There are no files selected for viewing

0 comments on commit e8fe592

0 comments on commit `e8fe592`