selinux: Allow getattr on lnk sysfs files

This showed up during downstream testing for luminous. We are doing getattr on the sysfs lnk files and the current policy does not allow this. Signed-off-by: Boris Ranto <[email protected]>
senax · Sep 21, 2017 · 394c26a · 394c26a
1 parent 7d7993f
commit 394c26a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/selinux/ceph.te b/selinux/ceph.te
@@ -106,7 +106,7 @@ files_manage_generic_locks(ceph_t)
 
 allow ceph_t sysfs_t:dir read;
 allow ceph_t sysfs_t:file { read getattr open };
-allow ceph_t sysfs_t:lnk_file read;
+allow ceph_t sysfs_t:lnk_file { read getattr };
 
 allow ceph_t random_device_t:chr_file getattr;
 allow ceph_t urandom_device_t:chr_file getattr;