systemd: allow notify client to stat socket

SELinuxProject / refpolicy

SELinux Reference Policy v2

https://github.com/SELinuxProject/refpolicy/wiki

GNU General Public License v2.0

304 stars 135 forks source link

systemd: allow notify client to stat socket #769

Closed cgzones closed 6 months ago

cgzones commented 7 months ago

Caused by the latest openssh version in Debian sid:

AVC avc:  denied  { getattr } for  pid=13544 comm="sshd" path="/run/systemd/notify" dev="tmpfs" ino=286 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:systemd_runtime_notify_t:s0 tclass=sock_file permissive=0