Allow chronyd read networkmanager's pid files

The commit addresses the following AVC denial: type=AVC msg=audit(1717458744.849:161): avc: denied { getattr } for pid=1487 comm="chronyd" path="/run/NetworkManager/no-stub-resolv.conf" dev="tmpfs" ino=2481 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=file permissive=0 Resolves: rhbz#2290310
fedora-selinux · Nov 19, 2024 · 281599e · 281599e
1 parent 234e360
commit 281599e
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/policy/modules/contrib/chronyd.te b/policy/modules/contrib/chronyd.te
@@ -163,6 +163,10 @@ optional_policy(`
 	gpsd_rw_shm(chronyd_t)
 ')
 
+optional_policy(`
+	networkmanager_read_pid_files(chronyd_t)
+')
+
 optional_policy(`
     virt_read_lib_files(chronyd_t)
 ')