From 23f4b75ba8b51177f31ceca7efb8a88383fff0b6 Mon Sep 17 00:00:00 2001
From: Cathy Hu <cathy.hu@suse.com>
Date: Fri, 23 Aug 2024 10:01:43 +0200
Subject: [PATCH] Allow rasdaemon write access to sysfs

Error message in rasdaemon:
Aug 23 09:38:48 localhost rasdaemon[17117]: rasdaemon: Kernel does not support page offline interface

Fixes:
----
time->Fri Aug 23 09:38:48 2024
type=AVC msg=audit(1724398728.627:998): avc:  denied  { write } for  pid=17117 comm="rasdaemon" name="soft_offline_page" dev="sysfs" ino=46 scontext=system_u:system_r:rasdaemon_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0

Signed-off-by: Cathy Hu <cahu@suse.de>
---
 policy/modules/contrib/rasdaemon.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/contrib/rasdaemon.te b/policy/modules/contrib/rasdaemon.te
index 0ccf6fe85b..b9611a49c8 100644
--- a/policy/modules/contrib/rasdaemon.te
+++ b/policy/modules/contrib/rasdaemon.te
@@ -31,9 +31,9 @@ kernel_read_system_state(rasdaemon_t)
 kernel_manage_debugfs(rasdaemon_t)
 
 dev_read_raw_memory(rasdaemon_t)
-dev_read_sysfs(rasdaemon_t)
 dev_read_urand(rasdaemon_t)
 dev_rw_cpu_microcode(rasdaemon_t)
+dev_rw_sysfs(rasdaemon_t)
 
 corecmd_exec_bin(rasdaemon_t)