Allow coreos-installer domain transition on udev execution

The commit addresses the following AVC denial: AVC avc: denied { getattr } for pid=1201 comm="coreos-installe" path="/usr/bin/udevadm" dev="loop1" ino=4263 scontext=system_u:system_r:coreos_installer_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file permissive=0 Resolves: rhbz#2305385
fedora-selinux · Nov 19, 2024 · 3e7b1f2 · 3e7b1f2
1 parent cd57e25
commit 3e7b1f2
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/policy/modules/contrib/coreos_installer.te b/policy/modules/contrib/coreos_installer.te
@@ -84,6 +84,10 @@ optional_policy(`
 	sysnet_dns_name_resolve(coreos_installer_t)
 ')
 
+optional_policy(`
+	udev_domtrans(coreos_installer_t)
+')
+
 ########################################
 #
 # coreos_boot_mount_generator