From patchwork Thu Apr 2 07:01:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gargi Misra X-Patchwork-Id: 85130 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5326BCC6B00 for ; Thu, 2 Apr 2026 07:01:56 +0000 (UTC) Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.10248.1775113308921209856 for ; Thu, 02 Apr 2026 00:01:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@qualcomm.com header.s=qcppdkim1 header.b=OvXZpWiE; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: qti.qualcomm.com, ip: 205.220.180.131, mailfrom: gmisra@qti.qualcomm.com) Received: from pps.filterd (m0279871.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6325Vfx3091589 for ; Thu, 2 Apr 2026 07:01:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= content-type:date:from:message-id:mime-version:subject:to; s= qcppdkim1; bh=ciKuWIsXkmIoXJXYQzC+u080anumU8X0jZb1jSzvuNo=; b=Ov XZpWiE02TnSeNLp7KL9UQQDj9RTqc6tZbJ/kDLwSKXowtTeIIwyiI0UF6Rt7IUGt AMwDiu7BNOgMgjIJWAmZtO4vzjhCz9ybszZR7W00HNeEvJ4wpmyEqkaYFS52HsQo 9HlHEZ2A3tj11FO5qI1VdMo5FxrVyDlNKXWaVhVHfBbdQiUtAEVE8ITrht4qnQ6f lk5ee1Pe0F5pcmwqereVGCWO8mW6inp7x2QQMEnbSaI1B2yLySMcuzrlc3jBw7HA nab/x8yq/n7SVGu+63z4z7yqadLVww9RBlKJrynNUEvHTMiPX/lgRxFaIi2Nm1Pw ltOV7bfdNMmJZl/9f8MQ== Received: from bn1pr07cu003.outbound.protection.outlook.com (mail-bn1pr07cu00306.outbound.protection.outlook.com [40.93.12.6]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4d9jcu8bjh-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2026 07:01:47 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Qj1zecFEylf0sF1XLFoe9BEULfa5wNOIwRX/Z8du3C9AgGbmvs17b5Gyq1zqH1Iwpu1mrFurCwH7rW9oCzmUCphQkAXHoJrEo6KPVF4v6W6ZfA1o3Sjs3llMeVXaK8iKW0kkWR0VyOf+93FnWqxii+N5tF4hRWWBubieTIPTkLHoEQAddC/XT8eViVtSbYamK6NBBq+8uKL0wkQl+9KPFc6iXVk8eQjPd6bRK4Xw6cPk0D/l8zr4yONOK90XUWQlPEG6t+0a26lfDGId3T7Nqd6ErOWdlz0yhZmp+E5cbiWwhASim8UsCkCd2IafybQVOJL85jK4FNGMrcVjpUWUUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ciKuWIsXkmIoXJXYQzC+u080anumU8X0jZb1jSzvuNo=; b=hV3rYAT8L2vTE/KY28W2QdYm8rrOrKDWyU37etc8CUdRaZn29Og0+2ZZOcMr+EEn4PdPfTIcaOs8kTkMlhhYaAvGNfnltPjfIMmhANQ0K/AaAXpf2Il6lYoXduS6lAv9uLiJ4vF6FEPTUK4CzqthahjqRgvL5QZ+BXIcriU/dphs3xPDPnuo9u6uGf0K6tlDA/DvIu6vYzjd/fGxdBE2//4uHqf3sxTJQic0TdHRdF5T0RyAHDg43hjQc2hWCzQxzEOATmSUZPMtQNWq2IeUYQiasQObhuWgk0PUT2WK8fBJkUfEaG8w7cSd5wMgfJ2VQrmABzVlwmOy3Gb8oq3KAQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none Received: from IA3PR02MB11199.namprd02.prod.outlook.com (2603:10b6:208:542::12) by MW6PR02MB9878.namprd02.prod.outlook.com (2603:10b6:303:239::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9745.22; Thu, 2 Apr 2026 07:01:40 +0000 Received: from IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d]) by IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d%6]) with mapi id 15.20.9769.014; Thu, 2 Apr 2026 07:01:39 +0000 From: Gargi Misra To: "yocto-patches@lists.yoctoproject.org" Subject: [meta-selinux][PATCH 3/5] refpolicy: Added policy for systemd_user_runtime_dir_t to read tmp_t directory Thread-Topic: [meta-selinux][PATCH 3/5] refpolicy: Added policy for systemd_user_runtime_dir_t to read tmp_t directory Thread-Index: AdzCbnCoSpcItYpqRni/fnDCOK5Clg== Date: Thu, 2 Apr 2026 07:01:39 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA3PR02MB11199:EE_|MW6PR02MB9878:EE_ x-ms-office365-filtering-correlation-id: 526bfe91-ba5b-4a13-21b4-08de9085b06f x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|8096899003|38070700021|18002099003|56012099003; x-microsoft-antispam-message-info: TAOgA5SY+8AWr4YTYg2hAfKC1stvTXJbSkyRcHHdE3g32gaqQFSgvES2XMfvCrelMQHyP2Y2DcHkBimbRGWkhjYLToivg3MWx7v7opfhcca7ypJfV0I01yYnC1CaVQkefwUysGRwVdpeHdP2Nip9+lvK0NZAop5r8S6MRFCN5TLNaEhz6Sw4rsw1z2AyX1hT/2rMkimTXPF7L43bnaFfJjY3is9en997XNbGWWhqGV8gjR07JRWggqypKshKTj+CMawImW9MOW6fm9WSVvQZAwTvMSLAFUPyeUUy6DOax/1YcbqIc5uZAibTpFNdDP0RiRQJ+mMNWipBtQFSHbfCd/feiNHJRb9kKxhCByQIjeZaZV4tBHao56rv5rt1gB/AZvIzQJzKniMW6Huk4OwwjwwMCngAk9q5YpYlUHpVUNRN5cFjGMjNyiiujb4F2Eun8srQ4r0bTKYV9ru6/CGTiKqG/5mgHh9S0L3jjCmSo3A7keP69dyE36pI7JZCjTKWuFgun4uWzNy//o5KmNpQAhTtFWj/Spcat7RN1eb+TeJG8gPEqGo0YtzuEF0I69F8EcQ8ayVKqNeMfu6o/r8pG1uLMCq4bEzqNyagl7woW+fwurXyqOkxJE1XHAsbb9V8YpDIvQtRgaKCkiE986l+90yZbatc197vbieR0NFSPf+lRgV5MZ06FgbDk85nSzQZCFjAHL15QDHRNXZzPEaTNlUNMTJOc4A1JryOn2uVnXuKCWmu56BWoAuBaQNFYtHc x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA3PR02MB11199.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(8096899003)(38070700021)(18002099003)(56012099003);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: /gPE/nuwVdybG1XcHFZrvGmCn3b9DtFLm3KdrZjCPsDNLlVDlwSt3dpZ1JFvsWXk6UzoRZD0UCmbR8MOpnvAKzBnLH0Jg5f8LI0E3ZG8UlljHtWateqhX95qa13RnkLJUrYUBLMDsLiEMcWiAZen35vivHbBRxbv2b42l1BuGJySnaK7MD9uq31CJNWVx1oQcl+RNqkSicWjMgrkDqaUcGUNCtu+/KClxbifgNfLkz66wOvZ9U3uZ6OC/lJ9tUWKAYv4xAysZZZq7z0syUPL/B2pCvhOspDwoM6nO+RbVp7VPJXIW+JD7j5jPvphuhs12VCjTLliBQok2NychR2wFjqo2ukbxCsg2XeLe20yXbi2qNWXy+p6f1MAHKLhbwJpVUjB8zZM5/fHF9RkmfabYIhKk5JUFmbtHHi6gpxf0ytzsmsFdl5aPGsK8UbGtyBYzkovFbo+G35m4TtCPV+knm+H5pX7ofz/542FTrhLEbzYUPYU2BtQkFqJXcVWuk5bKdlbclYEdLNuwCwrxgPIN79jcn9jziKh2IeKksrsxi8k63dcF63mvQtpfALVVDYftYL/IcBb4GC84SpLjDCZ7vHyoZuOGEl/GOeQ/WMCQAVcGuZfL+BVzn/rHfZ+gMWnFAvl/TSehywwNgio6h9poP90xe7hmv0eWfr0T/vxkGDlZyccDYL6sQbOCmokkuAEvQqVJcO0Xu9sLJ0DzumAfL5gfPkraUuguzvQSCf/nkAxFTJdL19cG++Vllu3oyIeqHrLb//Z9K5oBnW/cwrPX2Jl65AudHzKboDlgeB0j77kjwSeb06mcfkEJSxTn1u+tPHD+RsvQnm653N6rkadvdcv8z10OQUP4szo4nCXbpCqVEaxJZmCOtJhuHGJYkG+ddV1r09x3aeWFDmXKZ4zjOFs4Q7Q1fOd2KjZtRxp3I6Sq2Vqq+4sedUWoq5FgtUNUeOkYyvfnXigzh2uDU/azgMMpAvGJDEicoJbblWppElVJKSiKMDNYsHdZYKqXhucfWSUO4bz1ZuuUqZ1zc9WZ/raX2bXEjCjaCU33Uv8xOWA7H6bjk6aNYkTS19uZTrV+YcE1Lf062mT+N709vEJIGkmlW63D+VHSWjIJu9DRDy9XASP1rW484sIVZavReIICjMa30gOrrvAmAzcsjzzDgxvCA3sisTYlswsJCq8mm9p8mS3g2G4T4gVdj750MJJ7KHwFSeAqv0w6ViM5rRv5VoqRHzGKnFJDAC2U+Y8k4N/0hS4KMYtdFNeG9nZhgM5eTMvB/MRVUxH3StG9D8y5Me5L+pz/J8IIwqWL3qm6ZMx5nHeqkiwHpC65uobgtD8bmjWBl7A6qR7jqiLzuOExnPGJCtsnJIVxcO4GjVFog2l2VDV19tO73SWmXGIAx6TIlvP/7h1gyETHs3veMrGtlxWv5CbdBsQxRjCt3uF4Z1YNw4TMyi47HwFLa9W9QamzAwkPOFrSr7EqXpXOgrtguZh8i0hsz6c+rO9mlNCvyOKSZi75ljadZ47qHDQndq3z4n55zYIMXLxZj3ojSOEF///Eq6mSACbqwiY1Vc1GAJgjfudPgWWGsSCLfu7ntEkuwFq12hoaG5ZOczWaZ5xqhq4OKdxcqytcyXlQnmos4fy/lyzzbI8SBmXqS0+eYALi0FHu5FbqlRzTSmq3/scKjl+OTu3pe4ana99vIoE33GOLw+t5nQlo9lwck2INpjSvje4q9XvvdWQ6EC/wXZZDg== MIME-Version: 1.0 X-Exchange-RoutingPolicyChecked: OrwYCjRdf7c5T3C8XadcKhHIfTSaL84Gwv6H237+RJ+OkOAHSo3UZ/3MFJf9KpD7JDvQfkxt4iprA4gVbkWNTBef5WsmkHOa2FKcyu/exMC+OCc8oMkYOsESAhO9vKRws+C1FkIkYGwKQraDnmQEWP5Lzu153GzLGq/Hn7MnqX+6jXFHhSMLyBHq0+CleiYeN5U2PiEGoGsO7blPfWTQBvGrGJC/Qh2IRaRycgl71sQ2rT1niZitPqc9vPgUX5AFSDr4vp1pyyrEFlNaLTgqpBNI3d3iD7LrbqbYsxX8OnFzqsdMMiBMm13Inmw/1nrfVVOiSIlg0s3WKJO9Dtxaiw== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: /XnHPJHEGIZPQG77Y+u6N9KfwXzbq9jPba5OD9fdvCnwqnHxkvamZ9CQCBZmgNIexw9vgha2Jg4zOr8kIwNDOtH6ivcGT0YwEb8fXIpNLZFt5dNBWGFHOQzprnnXZ+w7zj4hwvm32rqaJW3dvviiFc8dAsG1H2fI0VBl9n29V8FgYq3I02QGTZ3Ehi7fs0UGLlZ6NH682RO5s4nLER9Jqgpv2kEW/duX0mQYRQ3p5W8P2RSi2CVylsn2G2tVFFaxyVR9MjqiBir4efy/Yg9Vo0+9tscmX2Gbi1LN9kkG0VUZXUBQllwMrjoJugSjKaZY6dQvSwQ+a2Ky+FFVKpH1bWW+Fo44ar+6R3UW9EvJxkt6Ca89/6K0cEJeaVRmg6SZdkpsdgMVw6TMWfwrUe6WjkZYqhLbQA8yOf88GJs5gXtm72xiAIiNqI4q2b8f2vT5HRpDEAGb2fcQgztuzIYkUoFrMKW+ufMjXgiAcExhxK5B+Ih6f5xuxzNGs1q6v6ysa857yNX8zrac/CG3BbvNBArSG/6vuvCtE94C/8Ikox9M42fX3doOu0Fd6JeSu1UuCXKd1ao93gUHYCDF2KX1Es2iXRnh6pMFWADXro3znDEFW1nsOA8X0tBExB5PGBh3 X-OriginatorOrg: qti.qualcomm.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA3PR02MB11199.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 526bfe91-ba5b-4a13-21b4-08de9085b06f X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Apr 2026 07:01:39.7798 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: WUq5ZEATZEAx38IhrUfO9wlx+6blGQXxPCtutkB66m8R/k1hMIhCSP/BszzvxHGT/ClPONJR/JxkaRn9YlvXEg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR02MB9878 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDAyMDA2MSBTYWx0ZWRfXw2JjXVY16UlB 0OwBZ2v3f3s41/cB0KWxo5YexCD3rHN6FL8rifq1dPi5b3jAPTTt2j9YKlQR8b+JhMwkDGF7jGF cv/KCl8AJNwYmRdjKB27VsMbDSh28zOOVVekT/AIWwrlDkb7uK2zyKxFo4WC+woS2M9hsvGiqo4 b3i7ElgJ/1Jw60MTZy+CY437DxVKpkwf1/7mGzVXfNPgiQrCf+Ks+Y7CAWdAJn2C2fVD88wSmdw SKeMBjqZhpMDhZ60GqnQF88yuSsnC746PLk3mNvfwClvoMeCv22DuCfbnXSJ7msx8cVm8PyQ7bJ vZV+wifCLYQTpw8UzvCoL/HVqlGltlzi6SwNuEjKL6hw7B4yxI+5BrJ6/2nt/fLC4IBvF0Fz8/t 7tve/h72XtB1ldfwh0aEtlveapq1WxWaIMnOa2T4GLKTBeC9u6kogzflWpjH/ngeGF8JkMQb1oB Ab+pExnGHd3mciUglSg== X-Proofpoint-GUID: KyNwgctswCcfff9j5kTNtZ2QglzjJyPC X-Authority-Analysis: v=2.4 cv=eYYwvrEH c=1 sm=1 tr=0 ts=69ce145b cx=c_pps a=vyniI6In/5XBr/U1JZq+ag==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=3WHJM1ZQz_JShphwDgj5:22 a=NEAV23lmAAAA:8 a=EUspDBNiAAAA:8 a=OM8fqfX2V_RMQ9N6vYQA:9 a=CjuIK1q_8ugA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=MFkjKvwAb_bD772jJ4QA:9 a=i99sqPLXTsBX12wG:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 X-Proofpoint-ORIG-GUID: KyNwgctswCcfff9j5kTNtZ2QglzjJyPC X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-02_01,2026-04-01_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 priorityscore=1501 lowpriorityscore=0 phishscore=0 impostorscore=0 malwarescore=0 bulkscore=0 adultscore=0 clxscore=1015 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604020061 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 07:01:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/3606 refpolicy: Added policy for systemd_user_runtime_dir_t to read tmp_t directory avc: denied { read } for pid=1201 comm="systemd-user-ru" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=1 Upstream-Status: Backport [refpolicy: Added policy for systemd_user_runtime_dir_t to read tmp_t ... * SELinuxProject/refpolicy@eef80d4] Signed-off-by: Gargi Misra --- policy/modules/system/systemd.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 2cbb6a3628..63b105663c 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -2450,6 +2450,7 @@ systemd_stream_connect_userdb(systemd_user_runtime_dir_t) files_read_etc_files(systemd_user_runtime_dir_t) # read /etc/machine-id files_read_etc_runtime_files(systemd_user_runtime_dir_t) +files_list_tmp(systemd_user_runtime_dir_t) fs_mount_tmpfs(systemd_user_runtime_dir_t) fs_getattr_tmpfs(systemd_user_runtime_dir_t)