Allow qatlib search the content of the kernel debugging filesystem

The commit addresses the following AVC denial: type=AVC msg=audit(19/09/24 10:36:25.585:1092) : avc: denied { search } for pid=9727 comm=qat_init.sh name=qat_4xxx_0000:e8:00.0 dev="debugfs" ino=98915 scontext=system_u:system_r:qatlib_t:s0 tcontext=system_u:object_r:debugfs_t:s0 tclass=dir permissive=1 Resolves: fedora-selinux#2312
zpytela · Sep 19, 2024 · 36a3fb6 · 36a3fb6
1 parent 037fb97
commit 36a3fb6
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/policy/modules/contrib/qatlib.te b/policy/modules/contrib/qatlib.te
@@ -40,6 +40,7 @@ files_pid_filetrans(qatlib_t, qatlib_var_run_t, { dir file sock_file } )
 kernel_load_module(qatlib_t)
 kernel_read_proc_files(qatlib_t)
 kernel_request_load_module(qatlib_t)
+kernel_search_debugfs(qatlib_t)
 kernel_stream_connect(qatlib_t)
 
 corecmd_exec_shell(qatlib_t)