Allow sysadm_t use the io_uring API

The commit addresses the following AVC denial: type=AVC msg=audit(11/14/2024 20:11:39.441:379) : avc: denied { create } for pid=5587 comm=qemu-system-i38 anonclass=[io_uring] scontext=sysadm_u:sysadm_r:sysadm_t:s0 tcontext=sysadm_u:object_r:io_uring_t:s0 tclass=anon_inode permissive=0
fedora-selinux · Nov 19, 2024 · 87abd28 · 87abd28
1 parent c452bed
commit 87abd28
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
@@ -24,6 +24,7 @@ allow sysadm_t self:system all_system_perms;
 #
 # Local policy
 #
+kernel_io_uring_use(sysadm_t)
 kernel_manage_perf_event(sysadm_t)
 kernel_prog_run_bpf(sysadm_t)
 kernel_read_fs_sysctls(sysadm_t)