update selinux policy (RHEL-76786)

Resolves: RHEL-76786
2025-01-29 15:14:57 +01:00 · 2025-01-29 15:14:57 +01:00 · 97b9d322f2
commit 97b9d322f2
parent 1aaa686cd6
2 changed files with 24 additions and 1 deletions
--- a/linuxptp.if
+++ b/linuxptp.if
@ -158,3 +158,21 @@ interface(`phc2sys_rw_shm',`
 	read_lnk_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t)
 	fs_search_tmpfs($1)
 ')
 #######################################
 ## <summary>
 ##	Get timemaster services status
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed to transition.
 ##	</summary>
 ## </param>
 #
 interface(`timemaster_service_status',`
 	gen_require(`
 		type timemaster_unit_file_t;
 	')
 	allow $1 timemaster_unit_file_t:service status;
 ')
--- a/linuxptp.te
+++ b/linuxptp.te
@ -67,6 +67,10 @@ corenet_udp_bind_generic_node(timemaster_t)
 corenet_udp_bind_ntp_port(timemaster_t)
 dev_read_urand(timemaster_t)
 dev_list_sysfs(timemaster_t)
 #dev_write_sysfs(timemaster_t)
 write_files_pattern(timemaster_t, sysfs_t, sysfs_t)
 read_lnk_files_pattern(timemaster_t, sysfs_t, sysfs_t)
 logging_send_syslog_msg(timemaster_t)
@ -157,7 +161,7 @@ allow ptp4l_t self:packet_socket create_socket_perms;
 allow ptp4l_t self:unix_stream_socket create_stream_socket_perms;
 allow ptp4l_t self:shm create_shm_perms;
 allow ptp4l_t self:udp_socket create_socket_perms;
-allow ptp4l_t self:capability { net_admin net_raw sys_time };
+allow ptp4l_t self:capability { net_admin net_raw sys_admin sys_time };
 allow ptp4l_t self:capability2 { bpf wake_alarm };
 allow ptp4l_t self:netlink_route_socket rw_netlink_socket_perms;
@ -177,6 +181,7 @@ corenet_udp_bind_ptp_event_port(ptp4l_t)
 corenet_udp_bind_reserved_port(ptp4l_t)
 kernel_read_network_state(ptp4l_t)
 kernel_request_load_module(ptp4l_t)
 dev_rw_realtime_clock(ptp4l_t)