rpms/linuxptp
5
0
Fork 0
Code Issues Pull Requests Releases Activity

update selinux policy (RHEL-76786)

Browse Source 
Resolves: RHEL-76786
This commit is contained in:
Miroslav Lichvar 2025-01-29 15:14:57 +01:00
parent 1aaa686cd6
commit 97b9d322f2
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
linuxptp.if
View File

@ -158,3 +158,21 @@ interface(`phc2sys_rw_shm',`
read_lnk_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t)
fs_search_tmpfs($1)
')
#######################################
## <summary>
## Get timemaster services status
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`timemaster_service_status',`
gen_require(`
type timemaster_unit_file_t;
')
allow $1 timemaster_unit_file_t:service status;
')

7
linuxptp.te
View File

@ -67,6 +67,10 @@ corenet_udp_bind_generic_node(timemaster_t)
corenet_udp_bind_ntp_port(timemaster_t)
dev_read_urand(timemaster_t)
dev_list_sysfs(timemaster_t)
#dev_write_sysfs(timemaster_t)
write_files_pattern(timemaster_t, sysfs_t, sysfs_t)
read_lnk_files_pattern(timemaster_t, sysfs_t, sysfs_t)
logging_send_syslog_msg(timemaster_t)
@ -157,7 +161,7 @@ allow ptp4l_t self:packet_socket create_socket_perms;
allow ptp4l_t self:unix_stream_socket create_stream_socket_perms;
allow ptp4l_t self:shm create_shm_perms;
allow ptp4l_t self:udp_socket create_socket_perms;
allow ptp4l_t self:capability { net_admin net_raw sys_time };
allow ptp4l_t self:capability { net_admin net_raw sys_admin sys_time };
allow ptp4l_t self:capability2 { bpf wake_alarm };
allow ptp4l_t self:netlink_route_socket rw_netlink_socket_perms;
@ -177,6 +181,7 @@ corenet_udp_bind_ptp_event_port(ptp4l_t)
corenet_udp_bind_reserved_port(ptp4l_t)
kernel_read_network_state(ptp4l_t)
kernel_request_load_module(ptp4l_t)
dev_rw_realtime_clock(ptp4l_t)