Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow rngd read and write generic usb devices
When the rngd service is started, it looks for good sources of random data, e.g. a TV tuner like this: Bus 001 Device 012: ID 0bda:2838 Realtek Semiconductor Corp. RTL2838 DVB-T The commit addresses the following AVC denial: type=AVC msg=audit(1720074976.413:170): avc: denied { read write } for pid=1914 comm="rngd" name="012" dev="devtmpfs" ino=533 scontext=system_u:system_r:rngd_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file permissive=0 type=SYSCALL msg=audit(1720074976.413:170): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffff9c a1=7ffd075886d0 a2=80002 a3=0 items=1 ppid=1 pid=1914 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rngd exe=/usr/sbin/rngd subj=system_u:system_r:rngd_t:s0 key=(null) type=PATH msg=audit(1720074976.413:170): item=0 name=/dev/bus/usb/001/012 inode=533 dev=00:06 mode=020664 ouid=0 ogid=990 rdev=bd:0b obj=system_u:object_r:usb_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 Resolves: rhbz#1892399
- Loading branch information