From 282e8839a19b3f25960cd0e3797ee115a9f73c36 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Tue, 22 Oct 2024 18:51:50 +0200
Subject: [PATCH] Allow confined users r/w to screen unix stream socket

The screen_role_template() was updated to add the allow rules for all confined users which are allowed to use screen/tmux.

Resolves: RHEL-50379
---
 policy/modules/contrib/screen.if | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/contrib/screen.if b/policy/modules/contrib/screen.if
index 796594355e..fb5bb83473 100644
--- a/policy/modules/contrib/screen.if
+++ b/policy/modules/contrib/screen.if
@@ -48,7 +48,7 @@ template(`screen_role_template',`
 domtrans_pattern($3, screen_exec_t, $1_screen_t)
 allow $3 $1_screen_t:process { signal sigchld };
- dontaudit $3 $1_screen_t:unix_stream_socket { ioctl read write };
+ allow $3 $1_screen_t:unix_stream_socket { ioctl read write };
 allow $1_screen_t $3:unix_stream_socket { connectto };
 allow $1_screen_t $3:process signal;
 allow $3 screen_exec_t:file entrypoint;
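Review bot: The new `allow $3 $1_screen_t:unix_stream_socket { ioctl read write };` grants `ioctl` as well as read and write, although the subject line only mentions r/w. The replaced `dontaudit` kept these denials out of the audit log, and the description quotes no AVC record showing which of the three permissions is actually required. If the denials behind RHEL-50379 were only read/write, a narrower `allow $3 $1_screen_t:unix_stream_socket { read write };` with `dontaudit $3 $1_screen_t:unix_stream_socket ioctl;` would keep the grant minimal. Because the rule applies to every domain passed as `$3`, a comment above it such as `# confined users running screen/tmux need r/w on the screen socket (RHEL-50379)` would record why the access is granted. The body of screen_role_template starts and ends outside this hunk.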