63825b296c445457a6bfd5d8c720c96bd284cef9 - third_party/github.com/stefanberger/swtpm

commit	63825b296c445457a6bfd5d8c720c96bd284cef9	[log] [tgz]
author	Stefan Berger <stefanb@linux.ibm.com>	Fri Aug 11 18:13:12 2023 -0400
committer	Stefan Berger <stefanb@us.ibm.com>	Tue Aug 15 10:30:08 2023 -0400
tree	72e4eb398756982128a0ad0021d25a09469a1167
parent	7dac1dbf6f5629744e60e58e8c80e83973f790d4 [diff]

SELinux: Add rules for user_tpm_t:sockfile to allow unlink

With a memoryBacking node added to the libvirt domain XML, the unlink
permission on user_tmp_t:sockfile becomes necessary to avoid an avc
denial.

  <currentMemory unit='KiB'>2097152</currentMemory>
  <memoryBacking>
    <hugepages>
      <page size='2048' unit='KiB'/>
    </hugepages>
  </memoryBacking>

Also add the unlink permission to the other occurrences of sock_file.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2165142
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

src/selinux/swtpm_svirt.te[diff]

1 file changed

tree: 72e4eb398756982128a0ad0021d25a09469a1167

.github/
debian/
include/
man/
samples/
src/
tests/
.gitignore
.travis.yml
autogen.sh
CHANGES
configure.ac
COPYING
DCO1.1.txt
INSTALL
LICENSE
Makefile.am
README
run_tests
swtpm.spec
swtpm.spec.in
TODO