From patchwork Thu Apr 2 06:56:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gargi Misra X-Patchwork-Id: 85122 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7092FCC6B04 for ; Thu, 2 Apr 2026 06:56:46 +0000 (UTC) Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.10160.1775112999071596770 for ; Wed, 01 Apr 2026 23:56:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@qualcomm.com header.s=qcppdkim1 header.b=eRUJaGgt; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: qti.qualcomm.com, ip: 205.220.180.131, mailfrom: gmisra@qti.qualcomm.com) Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6326icul3955873 for ; Thu, 2 Apr 2026 06:56:38 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= content-type:date:from:message-id:mime-version:subject:to; s= qcppdkim1; bh=yyQj5rzvfH8LYwBSxvNTBz8z2WnlirVbfGvlk6+vps8=; b=eR UJaGgtfr8fHt3JeMiOqGivQce4sKOGpWc6Z0olM7qKBZv6sknfwzF39JwGV4VI8U 2dxPSeBnoQvFzq2EX9w5KIJiHa7E5OK9QyvtJKFyF9tKOpcUETLRINLnirSknL7y 8+QAw/ps6552rTqjuirHxf7scL3kcp7mlS84Z7gVDrulnJyOEY1HTzOucNELkQTS 1ULOmquKKA+e4yun1+XuU3xRnFuBgkDPPG1czj0ato/MBN5TlyaIyq8XayqgP5EW aWiU/4KzdSZhpSpNMJ8kit5c4nKBRupT2FdltUG1CR/ki8sUq4SmuB1UkNO4NEaA oEQG8c9uvPg/VI165oaQ== Received: from bn1pr07cu003.outbound.protection.outlook.com (mail-bn1pr07cu00306.outbound.protection.outlook.com [40.93.12.6]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4d9aw5ht2d-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2026 06:56:37 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hEWlSnyflPdVzqf6/fJq88A/WQLOwDRywqEvJGCZYutfXSSR7XyW8chKCwDlkiq7hT2XGjuMkijzAX1hVOBk5FJ0xUkcZ/Et/eE8qHwiKIkcXMJsqoJiadc6PLIX6jmHfwEKX5t4pKDeCEuuqSPliVU1okc7O4IGA6A6yb0mFhnwGLCmDioCzjhnbuFRHKIL2X0w9IlGd0rWZ6A6AK0Mhn9cGHSRy31TlpqoVql7Qs4DXO9MzpQKE3kKag4Zj9hV4MA1WRKutwcrIYd9/yE8sOM1wSYlQjtC0k/i1x5sWfzBBRVnBD8L1F1Xb4+gkA3xD7mDxhLGjt4EE+YqFb+sKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yyQj5rzvfH8LYwBSxvNTBz8z2WnlirVbfGvlk6+vps8=; b=SVpsbk47vPKIBOuMdf3rdA6iHdphrA//quvMPaqH1OiEKPxImwJ2n9TK79tJvB6mmQ+PMsW2U5UAoTExz42Uchg1ib/kgvYy0Z68iFFlBjE5+9lVYAeYyAjp8zsKuHCVWmDEQXWed4WfEsGgAjx8Xgdq4yzlBkEmIIkO+eP8SsmjYVykdgg3QyZQ4dkta/dSCywbwu5C+Ilid3CxOP1ISK7u4ycXZ/SOWwat9GlIviBcJQxsM2IamwUYuDqg14RdCeyz20129J2mSZ96F6KEWR8dQjgWXXWUW0aBPk3Uy2F94BRxAFMwWvA0VvKZPYCqWifuq9qufJuLXLa1vsxxVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none Received: from IA3PR02MB11199.namprd02.prod.outlook.com (2603:10b6:208:542::12) by MW6PR02MB9878.namprd02.prod.outlook.com (2603:10b6:303:239::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9745.22; Thu, 2 Apr 2026 06:56:32 +0000 Received: from IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d]) by IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d%6]) with mapi id 15.20.9769.014; Thu, 2 Apr 2026 06:56:32 +0000 From: Gargi Misra To: "yocto-patches@lists.yoctoproject.org" Subject: [meta-selinux] [PATCH 1/5] refpolicy: Added dontaudit on docker_t to manage /usr directory Thread-Topic: [meta-selinux] [PATCH 1/5] refpolicy: Added dontaudit on docker_t to manage /usr directory Thread-Index: AdzCbRYoAals3iXqTY2XdXSvdqargQ== Date: Thu, 2 Apr 2026 06:56:32 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA3PR02MB11199:EE_|MW6PR02MB9878:EE_ x-ms-office365-filtering-correlation-id: 93f5c608-fef5-4d5c-9b9e-08de9084f953 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|8096899003|38070700021|18002099003|56012099003; x-microsoft-antispam-message-info: Nl8aUneYP+WdEY54mc6Fq2z10THV5aG3l6jt7XBtFMDQ/R5+w5yGB6mJOvAi4tcPnQ9lZloLl1O6yVVRvueqGEmIz7Fkwer8DWrexUrZhG3im4ClFWV3vcXn+nNutGfCBNGLuXoPEEqCFqWrMmQM380z6u2qg51oSBK69HDqj70PbsXCuaD8ivVIAG4wFXowciHgSSOO1eh91cNH6qz52NqHyQPhZ9BoOTljWepSMjFJtbl/JKBWzIXFNzqzuw+sSQ8CEMvP/UuJRg0/Xd7weK9okffTrW/Lc6u/ngPGKLGggcnOgZHkYkxMmPuyuEt1sRFpw3+LyRWuSyK0NRsnk/7Z/AyJ/cxHI1wWSG/5d0+2w+yK+Cvl/Ffg1FsEzhGez0ZNR0m/WS7+vAw17foNANLLtKVrEAExHHvGN6RD25S9NXn7zIcVeaSOO96+ygDvA3/eD8X40TkZHgm1EcdM2FJZzbn7K1FFk3NOtXc8QRzpWkeBUDo26ltMW68T8R8/N6L5V20QtCwX8BDTBaJWxRGSGqlcOaTP4QHcD8R+PSykXqI8QnEdksHLCw0aAeGN/ynAMI7+AVLAIaJ26KDEHXNEPpU1IlEwlsfVmTyEQ3U9SjL5YvXhilUfFzBybRyZeXSKXFcwfaWt2tb1g/IrclBKg6954VWV8vNOz+MoeM5eVSW5UQ6y6CpkqPfIMZgvm95zmlAMiU7RbKeJj01XoF2u8BMwxWHjNlcOCm+0ANxXpDWXRcv/EZPLofXDQOC4 x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA3PR02MB11199.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(8096899003)(38070700021)(18002099003)(56012099003);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: PzOPmE1CPJJ7gId17q3kR3vaeTPPBe7XvJZWoPyxx95kvNxu4wZirwp0RRzLwA2t1hJa34qD2dNSkyvW9xx/f/GKOpxVlol3iCT04Tigq/2a9Xhb36v7+WgXi2rPCGrtngDcoAVv+JExNa7Y6QLwh5xf1V63hwGTV6QOjg6NPIichI/AuBa9fuCekU0ka/lC9RYBKfH/JDLx5XCl2QdopWJbt8yli6mGSnQm2B0EEaA6N+/tCmBNtUIUh+wswhQQft7p30UCeIeiVhrgUhrCJ4KYhoDv3sdxGpcOENO71pgFVwvFU7J7/LFC3OuHtZPSISueGgNDOyqbZ7o4byFFbNtdTFtMgz9D/PXRXCmPVoS6MX7c0DuWrTOb1G53OkLtQrcAsXgSiffFSabkTNW5xcrhZmEbhIUpqr/3MYVXxmlH4pzH88QerRrSx2tqltoveWNVm6d6TppQvcWHahPy11TwOOX8Xj6LtsHYdCe7OZbgeQ47E+Z9Gs6q7ft0a3ht+ZF+D6caciUw76QdbPf6GxgO21w+aCRL+ZL6gc7o4Fh6rKVV7Q0VNRL06sIPyo8o3tG8Jo1BlQBqdruGOqvzwnshxbZQIXPhfxDn5Pb4DouWAaLDTHJFbGK6/n3p861zQ5IoHplvNrnGG64XU34VxzNi1IpXuIYLPkQbgFE83bXIbfKm8F2BvqKcLYFC6sucQrvdCmxuO8kaID0IGIrVzN67yZnqCdjY4yEVqiq+zDF4TvkiCPXsuD71155fhSjAq4gcBaE1INrRt+hEAmTKeHmbOBrOzmZB/ammzm17YG9UIbj4mcYfthfbX2/dQM4NO5Ro9ScHbZuTC5CET57hgGtO1bn8j1w0h4GnThRFckkV1eF2xrJYciqRjihIWww4yoKoVpo95boszlQp0Anyfku/uiuN3RhGU22dWT76TnLhVwbSDjmBJVNqXt+xdZdmoUVKjQFoRiZYPOJkrE5nRe0LR81Dh19fYW3zgfUHQNqu+Sf8nJM+DvEdSeU1RbvK2NJzWIKL/+A64vIBF4aKLYIR2tT6vzQKznBlhejFe/IeFUf7umJJRNrm5MQ5nXOptCIh0IxEelkEycU2ycNW3vhOmQ7eUpCxgg8DtOUODQXsw4nP/nIafLiPA/nZjmiDjhUipWMrfmGInjZDD6hGqBnJo6PTyKzNahCdp1D1BDtfYstyEir5mL019Js1TOrAMMZ2d8SqaY1sWg8Mu5KDsRFPGoc26BRygTpUKXKjf6wlvCQG+HzbNE9Ne7A8Va/2BsbEMW8uWIL48YiizCYCXyw6XuSxDLW9MggDiRAiOPCF4o+YPEksBr4ktqtdB/2vSEg6CB7S4gekJ0rJLIRFyL65M4XK6Ar37S/I2W0QQxhnwyPxUeRY2JzIR1CEE8QKKDonYteCKL5oVIp64XzbUEZ7myB/l5svuvmyqNHze+3uYKJDD1t2FAkMNF0v8LoQB6SmEoCd5T6dQsAKD1/NRHGOKBk3yV9JA/6h/z9ibu3dsCJjFoIS9PuvkRsbgv/LLQEE7JEQ7Ehk0spdWmcL7Jw7xn7/IxqELgLewuxscITgcW/IVXv2w01+aZCwH7E+FoZtZ+PNMOmst7L17wdOmLQg2zrEOBtZs7ZL4jTcp+yE9VNTyKFz7oWTrQOvyo6jF6zGJaBqXMUPSxiiVHK+V5m1BVbQe5at5nWxx64OnnB6Ch19BHomsParz8dzRjqfOD28s8f8bnXYq1bBakxKEw== MIME-Version: 1.0 X-Exchange-RoutingPolicyChecked: JL5hqyNE8uh4ohkEwv4S/hQgTlOR8A5C4QMh67UZacOJUUSHwBeF91Qn+aAiJPcm3ZmHAo/k7rEQFn6wGh/x3Ex1NQAYqb3KpS1JrxjDFaHMlZJlyGXGqCZ1Cz1jzzt6VSrlARDeebKa3V2vwfvzX9oVkiscEUXNFIj0IKo8jqOS1map4clyhhWmbjuDlKefItJ+C7U5Gd9jhQ18ZSQbEswovMBct0YysLjPC6rknXn037bDmJ9MFhCg9CBdiHBNp/BK/mnKm2hm5ovpcgMO25QS6PnV+f11z81Q8GENt08rVqZy+KFuWxzoqmhoo3bVrtxrAFGFRgNR8m1+3WXZfg== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: ObnxrvAHql9NYqrljJqPe0OtTSw1+SA+0FpVHoipU1XzEVG2T8n/dQAtM5qal5DUy1872Ffzb98zChBbbS7G/ddMBLs8K+oBh7L9wNqG7iDcFxbNVbrcmachQVVu+MBUEELN+x7TRl91LYn5oCwjkurfX2uZe6yhRr4oC02jhyH7H79+JOTdc4Ju3ZbRxgIttz50EMGWjIgXR9qoqmfYEEeK9MaKVWYf/fViMKOo5C3KzBDU4hvell3/z02HBBdA1xrNTfw8ta9jVO6qZxCMWdnNFqsT4WAj3uNVsEVg5ty/IAaMNcLYdkGpjbJxyNFEIoPSyaEDn4bsQiOL3/7GEcGRLvxi1bV2OiSvVHJtVAGScYtRO7dgxe0Iy/IKbaADNZhtaTJX6KgKj/2YcPle8McKhjzCJzyweSBHbbBVkM6lWJSG4/QIFvzVMtbbBfUsOlyTD1ib4ms9zZ0Q1+TMC3evz6ZV0euE0rkYxW7BIqGKC5tkL9N9pctfmp0nrS6L600Zgf/ijKdseuzk+Q5BaH1oxiEc6vqsjc+p/kQyrIyWIq4f8e3cU3EUwM2X68z9d4PAaJqZ4pWnJPYGnvtjGBf9ggvKFTAEQxoqKnRWiwRPEcFjODzGOMzzNU3+xkRe X-OriginatorOrg: qti.qualcomm.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA3PR02MB11199.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 93f5c608-fef5-4d5c-9b9e-08de9084f953 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Apr 2026 06:56:32.6103 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: N4q7erwwMFXZ5eYGxnYF10kKTpkZxtt0yRn3P+O0Uffa+T3Nirz/eab8t+kcdmcZrbX6xAWjQPWEjFaGu+A2RA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR02MB9878 X-Authority-Analysis: v=2.4 cv=Q9jfIo2a c=1 sm=1 tr=0 ts=69ce1325 cx=c_pps a=vyniI6In/5XBr/U1JZq+ag==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=yx91gb_oNiZeI1HMLzn7:22 a=NEAV23lmAAAA:8 a=EUspDBNiAAAA:8 a=x1E27W6KMhRVoqMcxFEA:9 a=CjuIK1q_8ugA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=TKGAfZJ2wu4n1VY2EM4A:9 a=7tIEifjFCRw9X6Mt:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 X-Proofpoint-GUID: zt4bE9cq7_VZAgTiWr2Vfjv-1xyUxzMv X-Proofpoint-ORIG-GUID: zt4bE9cq7_VZAgTiWr2Vfjv-1xyUxzMv X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDAyMDA2MCBTYWx0ZWRfXyf0QkcyUP1/v 8P1UEL7sCUybVxV7hj6V4m3mvijhuZUgBW/uLZcCSR1tzHroLHqAkWVYucZnKXrk1LEE8fKNAnM LgfaBmpvWZbuTBHcTboYQw7x3EVbgQpQZ+kEfn50WnUA8smIb67JlbYOIf11OzQapxgLiqRl1WF djjS8qHAGqIgU0NXjcCa9TjuGLebrkkJI+OZP9pqgaQRHzcJJaqelpoPVw4EjU2ay19MhaDuIP8 sVH+ApoXICvmIe0OEIOji07hEqqECB8FlHChenYSb9H5QG3fQtFi36wTTT40rRKVnRjFVY/6DSX LEWVDzSs0AKs2pXYyNJIFohSbso4Tmy928hIGsZc9WDPG8/bgMFAifwL8a2I+LE1j2s/Ca3Dvh9 CqCo3TntxFBjeJMDPW2QbkozsTIoQM16cj46SQ98U8fUuzo5Y5HrTa0/xAR9pnpqlA8YG8xxPaT mUFPCmb/OwwoFKGGnSA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-02_01,2026-04-01_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 bulkscore=0 malwarescore=0 spamscore=0 phishscore=0 priorityscore=1501 lowpriorityscore=0 adultscore=0 suspectscore=0 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604020060 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 06:56:46 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/3604 refpolicy: Added dontaudit on docker_t to manage /usr directory avc: denied { add_name } for pid=1154 comm="containerd" name="containerd" scontext=system_u:system_r:dockerd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=1 avc: denied { create } for pid=1154 comm="containerd" name="containerd" scontext=system_u:system_r:dockerd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=1 Upstream-Status: Backport [refpolicy: Added dontaudit on docker_t to manage /usr directory * SELinuxProject/refpolicy@bd3c6e0] Signed-off-by: Gargi Misra --- policy/modules/kernel/files.if | 18 ++++++++++++++++++ policy/modules/services/docker.te | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index e55bf337e3..de77c0f090 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -5529,6 +5529,24 @@ interface(`files_delete_usr_dirs',` delete_dirs_pattern($1, usr_t, usr_t) ') +######################################## +## +## Dontaudit Manage /usr directories. +## +## +## +## Domain allowed access. +## +## +# +interface(`files_dontaudit_manage_usr_dirs',` + gen_require(` + type usr_t; + ') + + dontaudit $1 usr_t:dir manage_dir_perms; +') + ######################################## ## ## Watch generic directories in /usr. diff --git a/policy/modules/services/docker.te b/policy/modules/services/docker.te index a23c21c8f6..f40713d121 100644 --- a/policy/modules/services/docker.te +++ b/policy/modules/services/docker.te @@ -47,7 +47,7 @@ container_runtime_named_socket_activation(dockerd_t) # docker fails to start if /proc/kallsyms is unreadable, # but only when btrfs support is disabled files_read_kernel_symbol_table(dockerd_t) -files_dontaudit_write_usr_dirs(dockerd_t) +files_dontaudit_manage_usr_dirs(dockerd_t) kernel_relabelfrom_unlabeled_dirs(dockerd_t) # docker wants to load binfmt_misc From patchwork Thu Apr 2 06:59:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gargi Misra X-Patchwork-Id: 85123 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6941ECC6B03 for ; Thu, 2 Apr 2026 06:59:16 +0000 (UTC) Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.10185.1775113148279763570 for ; Wed, 01 Apr 2026 23:59:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@qualcomm.com header.s=qcppdkim1 header.b=emSE1enn; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: qti.qualcomm.com, ip: 205.220.168.131, mailfrom: gmisra@qti.qualcomm.com) Received: from pps.filterd (m0279864.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 631M478U4009488 for ; Thu, 2 Apr 2026 06:59:07 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= content-type:date:from:message-id:mime-version:subject:to; s= qcppdkim1; bh=qDeLywv7WnaU3iS9rahcSwJDIO3CerREiMQOyBFjj5A=; b=em SE1ennvD3L7VtwESUJM2/HyI5lp/kocdTHzoC8QbY3S5bCoK0g/ddzeZ8eoz31qu qayNywP834bRYnLW8zaj9RqbPVRyJkiiR6XT6MFHHHodJeA1IPy/YpYzlgScZ8gy SsCx4GtHzK4Z4XioKvwOJGpR8RR2jC98b5KVT9BE0h7A5x1IF3m/66AgMhHANo9a uz3cT936cN6BuGod+WNwTaI3qSpIlUCc4NcrEX7jeK17BCATyZDbF9ah+QeECse2 Rpmf4072aBzkRg0uLpmVyYNE6QWFSGe+0dzRmTjLnSuGe/npUpt7ynYT56U0T7OA xRmJNDEOjIGO605LiFSw== Received: from bn1pr07cu003.outbound.protection.outlook.com (mail-bn1pr07cu00305.outbound.protection.outlook.com [40.93.12.5]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4d97e02k9m-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2026 06:59:07 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=d6mnOJDrsqeTmyLFJMCzubWMyIi1yCkBNRfiFsKGjxjUxoFhMqsgSjjM3vEUK4Tnvz06pfde9/+x3PiNAXihP8Vnl42S1Yv6sFSnTcY32rQRDMhbJDyPSxhlq109tjoyjPbEgpAh3Q4Ydm+Y9Ig3PNpuZ5G4/Zo+NuauEYiSZCxQ+DPRVW/biGhAH26iNBP3yTC05+N/vyRAD5wEMs9O6B1ks7TGtKrHs0zSo1NnrDRHXODP8XEhSqF/oRTdWZY5zE2L2m4GorvDk1tEuE4vtUiJ8+jyF6OOj189cpKalIDS1+Hzfm7ju1HZXrDQayyeCqhUbpPneG0TpxUkRns7dA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qDeLywv7WnaU3iS9rahcSwJDIO3CerREiMQOyBFjj5A=; b=YxrQx3SstLsKvh4wZWCzkalbjE/NDYvYg4Ivc+RmeXW//yulaWGsPZ2s4Pq1R+TyfUK3zuSTtMVjuIYnQogyKtbEtQuws8xyNqeTilSKBqdpHQVHrWkhtVsEk8Am1WxnTaCM5PBFTL+GWC3I4KueUcBnoF/Hk6tTkIQ0YghS4qXGpcwB0K2uw5lN0I1tF8DoikLRKzDLChSVUDSH3CvCtsCteYB+xd2+eR3TMuAAnJXAyFSYt0q0x32tgk+de09rnFpmiIzFy6mu90atkz54CbcNDSER33a+8C4ShMyddSM7hNDyDa3sDF2BIoh37O/eMVnYspHMkxr/Se4Agt6wrQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none Received: from IA3PR02MB11199.namprd02.prod.outlook.com (2603:10b6:208:542::12) by MW6PR02MB9878.namprd02.prod.outlook.com (2603:10b6:303:239::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9745.22; Thu, 2 Apr 2026 06:59:03 +0000 Received: from IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d]) by IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d%6]) with mapi id 15.20.9769.014; Thu, 2 Apr 2026 06:59:03 +0000 From: Gargi Misra To: "yocto-patches@lists.yoctoproject.org" Subject: [meta-selinux] [PATCH 2/5] refpolicy: Added policy for rpcbind Thread-Topic: [meta-selinux] [PATCH 2/5] refpolicy: Added policy for rpcbind Thread-Index: AdzCbhB+2f3ZqLNKQS2/Vg9i2WJXfg== Date: Thu, 2 Apr 2026 06:59:03 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA3PR02MB11199:EE_|MW6PR02MB9878:EE_ x-ms-office365-filtering-correlation-id: 647aeaa9-94ea-433c-3937-08de90855371 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|8096899003|38070700021|18002099003|56012099003; x-microsoft-antispam-message-info: vMFUBZV+Rqx2bVSVly5rE0GCdS6VlZTlFSlns47pVzjChCHbG7aIJUXkTTMTVWMyB4XrhDjHcvb455A4HyMWKaQZKs4kYgU6dmNiBikWkbaYVA2BlNdx+nzTEXDFjonnNm078SneJnqVSNG08PJnXq4IiZ/yTUrp2BlzCmboXiamkPiX+/2VYzmNw2bcgmDF5QObLZs1y2rcLkMA/uOKnptaJHh4er/eu67HlfqObxQBEJQZInV6o9j2MyTAUhrhE1EQnkRB6NsiF1cr+Y756bMXkUbAt3zoL9Yt1LWZIezPJvLxldoB+IpjLPSOe8Ak4wMb+ZrB63hS2DWTvodXmykWd+Obf/5lcravTHpNsQ7fZ0C8E9ZMp3W+8Hz7sU7NZRiePK73nQDdscWfAK+nBZq4OrD+YVbG3wMHCnO3tE0x/0cIgGUGs+IwCRw9buXImiV65ldRhj36ifGdCh+6u1s7OXcAXg3/6j/1x8mJGENhiCIFwZlxgH10OthNTv3UK5s7IdHI0fKmig0urKEFfd1cgSjdZMX1gpJEpO6kydIS3+f8HaoSepZC1Rsl0A6tHXXMyYuvbYZg8C/pxtNcO/oAGQQIRhJnw4rIEEIYzD9Bx5L0n4y52tToJQG5euJlLLeHvRw5BBRC+ch/XDr0FAgkXrmTodaIdJyJkc1NkLo+LG7D+nQrBD9QGWfgNSM+b3mAPk7tYnGHcjfkEWluKnbEBsM3QzMZ+mgWvIDpZLWHxga2EUvtueF4WFt7fZ8f x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA3PR02MB11199.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(8096899003)(38070700021)(18002099003)(56012099003);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: sD/bwzN/D7TEKebWEexwknxondyZxSFkiN8rLE9XIoyJ1WZyxxZylBq7e2HvnHVxuk/Rl1eeuEcByf7Pw0fdRl5hXcgp6cwN+Qyz+xllmqRtUpIH3eNV72CbHPmdY64iblPGWoaWLvfate/Y/Rkfr+m0b07XLIXRlbmPWF8tQ03U6CLHwyp4dnAtikcQ41ylnp8nIYn9iEv8UptUdWXMVNyONB5A2vBME17DOFgCgU129JmBclav9Davx2CtTd0cN7WfXTpRzQN6PjQy1ozixhUrxMMxyPgS+u4bUe/D484eZywPisoAWDdtcELLqKQoUHYkJZIGJs6MLI33w7MOGfU+ghPVqHNr9dR+PqNTE7DmrU+TwHQAvDb4Ys8KXlb2A08U7HQ6P6Ol6sqnia4S+6lHjf6PhSrEgTfgQl7/tFSMdfNQ/SEVUErMi/pmhRi3eggBcZ44nLY/e9kSP2N77cLFCKAr3smVnWmX0qvv+fHj+0NiCTTzkxI1+0kB3W6w2sHp0lE+fa30v79GWQ5fVPjNMqwnPV2aryag8ohP8mfjL8KzRswnxO/Nxw4a4+uwwkRKEb2lAS0uteA3gPWmKXxnQQuka+hlmcWty1aP9Yf1+Ako488T/tVdFKswf2fQpJVXXkzYvQ03xWLknGztJRtysKw9bWEfDXZ8uVfsN7zS4R4dlTKp4TgGWCoQs2soZb9Dylj7r0QGANOQKJ6hIMz42ga/9EGa+zhHaNA2w8kGZyxKpRPrfM8PY43OdyoUkl4Wtf4shQdidoSmwtxvDtne7imUqBdSd6YX0+0/MN7uvURYfa2NCAZsa+LlK9eunTD7oi3kI7YbObuXyzwOdGcuMXh5VsgrGRUGZwU79ei4UJsP68B7IcYUpRPFoyYEDBpBCuDgS0LknSztBbHZrgCkWjfZ3nIJQr5T6PMIzDSHQCuIKFZxnzGQRkLIAKNHP3i+3C6yls2BF64g9pIMfvzan4MOdx+8CAPmlUwAmACfaWyG10pF3ADL1BhaWQX75cZjTrP3JWFZ/XFy9M5kHqPZpXMasOQvQmh2Cw7bSghTRI0qUndy3n1ykvzIWa/bN88wb2wLuL2ZwLaG9vauTjnF9Im3LYxQxUFY+qLh+lxDvTtgqN+RI3HrrSCKpr4cqbBeyjkdb95i/uem0ouoMe30gnSEwK212kW7HFje/BUy0TFELWUoC4DJdlt2liScBOgIkD56drN1Bgc4nHOIN6bniJJ7phQ2OhDgz8McC51rCqgSuY7KmUhMdA3ZLMrsgdY2L9PN3Ht3ZNVxiJt41pcFedsNxkSKOKkiY3I2I2OA6bDvkO/+TZDSXXkHdZmZ1tvq0gn9pkHBsV8/le+hrfbObyX0FfmhRYHGBhN+UrDflVSxK0hLBpoV43rf1EtWIOY852JGCHHkmuSVBIr3Fx6sxE/0iBCAItsX/Q3eXeo84pmSti+7jU47m3sLcoZhaVlFNgp+zphb3NQAOhnqRIZr6uh7PnMwiY7vYaw1RElrqRXC+J7SOxS9k+drmYCk6a7KIhAA3Z+WdnLejt6sXVLlaYMmNVpdGHuHC++mL5+4OXVQ8294jEBn8Dh9FUHzcRX2aip26h/TufLyGU+j8GCAIfCKDKnUaikyZ+p9pTvZIKGeKERdJIf/UI0u5g7RIUqhLJ3oIqfJJQf9P4YF0cB1Asy2NjLoK58nTRVqIzc6m4OZVIOT1x2SmaybhBLBOdqqCm5VCuPb4fAj09AzDw== MIME-Version: 1.0 X-Exchange-RoutingPolicyChecked: QU1/OPuKpf0XW1adBKzMdHGrtXhBAvQsYYBwb1LJRG+6QHM/12NBxPrae0Zr7TkKQfMm2YTqMpWHpHCqEymvCGFnvSpHEdtzYBCC/0lTNf6k7ms8q5olIgcZXHSuySAJTRFu+/vGnoV2j12A4hEmvRAH1jiIuupFHW9sxuq5d900NoRpcOkqXU++qcIuFHjv/eWN1I93vhJrOjHOaNHqTbrI6A2x/eCJEIjeHyQLcllasXhkVEB5QwXbXMQe2A86qGx+HHNfxWecAWUNhwf882XTfTSrT1Qgbsr1WmoP6O640lP5/grhSgX98LuYPxuPNvblUTVOMKKY3tf2P4mFgw== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: Way5Xxbobl5Pj5AFcKP6cHBPqLnQYYWK1bxcl4ulMzHUGQbizBZ/8Xg9ukCa4XrM+Vfds+TXksjU8L2em4SMFnIGcMwPtmJpqP9rBPMr+IRUEvwNXoS4OmFwos97EI+bsv3iE2uTiaa/nJLYSC/6EAEk7w2+An1dtSp7Rx5Ec6O2Bsi9EeIwLAAn9yF69xmsy21qXP3vTQPxOIfF938eJpG6QLP7fAN0gMRLDczCTF/wi9X6WQhkXZ//htHlwv2EYXSnH8jxFj9YNXKPY8tRYZj0tDEdMN5jxWbXZWcBSyjdiEfkjRrYSNnO7WcKK3tKoA6sqCl5FaTvisoAq7nOkYaNePUNt0rsrQMelE9Vl04gWqFXY+Yw8pHM/qje35/oDgrdkmuqAZf3O4rubJ/nxIk6ij9lB5rDJ6BJOr7L+2NTNcw/U3z3h7SpKAm/LjzZBb0VI7+9VlMTpzlxBa3hp702xDe4KIXMKNymx58yWsxhM4sHApNO6k2OpdL2sFcL1HtMPcunB7ivzUdf22RrjZJtbrHw1dgj43hmk8lZsVPSGYxtGhWbFP7Qmzep78S5wAZhs6TJJUDKvHYyHSAhYsMEZyZOnzZmDXRhfW1btmkZQZpf8Tx6cFDhG2XHpjq+ X-OriginatorOrg: qti.qualcomm.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA3PR02MB11199.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 647aeaa9-94ea-433c-3937-08de90855371 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Apr 2026 06:59:03.7966 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: zB1WCmoGQhaCDwIO15zhY33+2c7vCQumRRuHsMnTh1r+u+OUB64sehwNoW70WJ8bo9UH8ry1j2w66w1PDJlngg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR02MB9878 X-Authority-Analysis: v=2.4 cv=fdGgCkQF c=1 sm=1 tr=0 ts=69ce13bb cx=c_pps a=xHYxGUywFvkkdmbedG1HCQ==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=DJpcGTmdVt4CTyJn9g5Z:22 a=NEAV23lmAAAA:8 a=EUspDBNiAAAA:8 a=9sh29r-yUNc6sGW3eI4A:9 a=CjuIK1q_8ugA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=xOvUGthomhZvmT7E:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 X-Proofpoint-ORIG-GUID: GEy9G7VIwxdv5crPcOLAcuzEbWLj_UWh X-Proofpoint-GUID: GEy9G7VIwxdv5crPcOLAcuzEbWLj_UWh X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDAyMDA2MCBTYWx0ZWRfX4PAIX2oaVpKP 2fyjHCtdFoj0vHT11zvUd0XjtWVHdHNfKdQTNf8HO5mHbcpXm6n3ylYZYXg2nwctQqmyIZq8uMB v2vcm46u8Ainht/BJABF3pf5AAl/jS5MOnCzrVWXjiapDQRHTzRcmHI8jFec2tiM9xZ1fHK1B3K 7gIjuBuV2IVW23Eyg3yUJ0d4QEsMZvPw2CNd6uO1wgaKztl51fxnwtEouJlsPnDUhEtpAykjzxC 05oJXAEwJXnPaHdlc4DVE+8NurAWXTJDajhnyisUZ6jTroS3WxaljmKJO94Fy2L202Ns78CUbNW 9mLCs1yjDKC8mUyhU1s8bcr6vnttXl9l8FCGM7rT7qTi9uvfRRBaL7vsK108+BDtDve9p5+qI3H gVuObbomfuqUDArEAykx9Qd14GaxVNUJD45RGKUmOk2aYev3HlPZv8xuT2dqRtwM8aKpvD7Phqf 1gpoDy7GknQb5TOT3Cw== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-02_01,2026-04-01_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 clxscore=1015 priorityscore=1501 adultscore=0 malwarescore=0 impostorscore=0 bulkscore=0 phishscore=0 spamscore=0 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604020060 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 06:59:16 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/3605 refpolicy: Added policy for rpcbind avc: denied { getattr } for pid=768 comm="rpcbind" name="/" dev="pidfs" ino=1 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=1 Upstream-Status: Backport [refpolicy: Added policy for rpcbind * SELinuxProject/refpolicy@2a85bb8] Signed-off-by: Gargi Misra --- policy/modules/services/rpcbind.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/services/rpcbind.te b/policy/modules/services/rpcbind.te index 137c21ece6..a0bedbe69b 100644 --- a/policy/modules/services/rpcbind.te +++ b/policy/modules/services/rpcbind.te @@ -67,6 +67,8 @@ domain_use_interactive_fds(rpcbind_t) files_read_etc_runtime_files(rpcbind_t) +fs_getattr_xattr_fs(rpcbind_t) + auth_use_nsswitch(rpcbind_t) logging_send_syslog_msg(rpcbind_t) From patchwork Thu Apr 2 07:01:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gargi Misra X-Patchwork-Id: 85130 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5326BCC6B00 for ; Thu, 2 Apr 2026 07:01:56 +0000 (UTC) Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.10248.1775113308921209856 for ; Thu, 02 Apr 2026 00:01:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@qualcomm.com header.s=qcppdkim1 header.b=OvXZpWiE; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: qti.qualcomm.com, ip: 205.220.180.131, mailfrom: gmisra@qti.qualcomm.com) Received: from pps.filterd (m0279871.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6325Vfx3091589 for ; Thu, 2 Apr 2026 07:01:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= content-type:date:from:message-id:mime-version:subject:to; s= qcppdkim1; bh=ciKuWIsXkmIoXJXYQzC+u080anumU8X0jZb1jSzvuNo=; b=Ov XZpWiE02TnSeNLp7KL9UQQDj9RTqc6tZbJ/kDLwSKXowtTeIIwyiI0UF6Rt7IUGt AMwDiu7BNOgMgjIJWAmZtO4vzjhCz9ybszZR7W00HNeEvJ4wpmyEqkaYFS52HsQo 9HlHEZ2A3tj11FO5qI1VdMo5FxrVyDlNKXWaVhVHfBbdQiUtAEVE8ITrht4qnQ6f lk5ee1Pe0F5pcmwqereVGCWO8mW6inp7x2QQMEnbSaI1B2yLySMcuzrlc3jBw7HA nab/x8yq/n7SVGu+63z4z7yqadLVww9RBlKJrynNUEvHTMiPX/lgRxFaIi2Nm1Pw ltOV7bfdNMmJZl/9f8MQ== Received: from bn1pr07cu003.outbound.protection.outlook.com (mail-bn1pr07cu00306.outbound.protection.outlook.com [40.93.12.6]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4d9jcu8bjh-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2026 07:01:47 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Qj1zecFEylf0sF1XLFoe9BEULfa5wNOIwRX/Z8du3C9AgGbmvs17b5Gyq1zqH1Iwpu1mrFurCwH7rW9oCzmUCphQkAXHoJrEo6KPVF4v6W6ZfA1o3Sjs3llMeVXaK8iKW0kkWR0VyOf+93FnWqxii+N5tF4hRWWBubieTIPTkLHoEQAddC/XT8eViVtSbYamK6NBBq+8uKL0wkQl+9KPFc6iXVk8eQjPd6bRK4Xw6cPk0D/l8zr4yONOK90XUWQlPEG6t+0a26lfDGId3T7Nqd6ErOWdlz0yhZmp+E5cbiWwhASim8UsCkCd2IafybQVOJL85jK4FNGMrcVjpUWUUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ciKuWIsXkmIoXJXYQzC+u080anumU8X0jZb1jSzvuNo=; b=hV3rYAT8L2vTE/KY28W2QdYm8rrOrKDWyU37etc8CUdRaZn29Og0+2ZZOcMr+EEn4PdPfTIcaOs8kTkMlhhYaAvGNfnltPjfIMmhANQ0K/AaAXpf2Il6lYoXduS6lAv9uLiJ4vF6FEPTUK4CzqthahjqRgvL5QZ+BXIcriU/dphs3xPDPnuo9u6uGf0K6tlDA/DvIu6vYzjd/fGxdBE2//4uHqf3sxTJQic0TdHRdF5T0RyAHDg43hjQc2hWCzQxzEOATmSUZPMtQNWq2IeUYQiasQObhuWgk0PUT2WK8fBJkUfEaG8w7cSd5wMgfJ2VQrmABzVlwmOy3Gb8oq3KAQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none Received: from IA3PR02MB11199.namprd02.prod.outlook.com (2603:10b6:208:542::12) by MW6PR02MB9878.namprd02.prod.outlook.com (2603:10b6:303:239::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9745.22; Thu, 2 Apr 2026 07:01:40 +0000 Received: from IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d]) by IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d%6]) with mapi id 15.20.9769.014; Thu, 2 Apr 2026 07:01:39 +0000 From: Gargi Misra To: "yocto-patches@lists.yoctoproject.org" Subject: [meta-selinux][PATCH 3/5] refpolicy: Added policy for systemd_user_runtime_dir_t to read tmp_t directory Thread-Topic: [meta-selinux][PATCH 3/5] refpolicy: Added policy for systemd_user_runtime_dir_t to read tmp_t directory Thread-Index: AdzCbnCoSpcItYpqRni/fnDCOK5Clg== Date: Thu, 2 Apr 2026 07:01:39 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA3PR02MB11199:EE_|MW6PR02MB9878:EE_ x-ms-office365-filtering-correlation-id: 526bfe91-ba5b-4a13-21b4-08de9085b06f x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|8096899003|38070700021|18002099003|56012099003; x-microsoft-antispam-message-info: TAOgA5SY+8AWr4YTYg2hAfKC1stvTXJbSkyRcHHdE3g32gaqQFSgvES2XMfvCrelMQHyP2Y2DcHkBimbRGWkhjYLToivg3MWx7v7opfhcca7ypJfV0I01yYnC1CaVQkefwUysGRwVdpeHdP2Nip9+lvK0NZAop5r8S6MRFCN5TLNaEhz6Sw4rsw1z2AyX1hT/2rMkimTXPF7L43bnaFfJjY3is9en997XNbGWWhqGV8gjR07JRWggqypKshKTj+CMawImW9MOW6fm9WSVvQZAwTvMSLAFUPyeUUy6DOax/1YcbqIc5uZAibTpFNdDP0RiRQJ+mMNWipBtQFSHbfCd/feiNHJRb9kKxhCByQIjeZaZV4tBHao56rv5rt1gB/AZvIzQJzKniMW6Huk4OwwjwwMCngAk9q5YpYlUHpVUNRN5cFjGMjNyiiujb4F2Eun8srQ4r0bTKYV9ru6/CGTiKqG/5mgHh9S0L3jjCmSo3A7keP69dyE36pI7JZCjTKWuFgun4uWzNy//o5KmNpQAhTtFWj/Spcat7RN1eb+TeJG8gPEqGo0YtzuEF0I69F8EcQ8ayVKqNeMfu6o/r8pG1uLMCq4bEzqNyagl7woW+fwurXyqOkxJE1XHAsbb9V8YpDIvQtRgaKCkiE986l+90yZbatc197vbieR0NFSPf+lRgV5MZ06FgbDk85nSzQZCFjAHL15QDHRNXZzPEaTNlUNMTJOc4A1JryOn2uVnXuKCWmu56BWoAuBaQNFYtHc x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA3PR02MB11199.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(8096899003)(38070700021)(18002099003)(56012099003);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: /gPE/nuwVdybG1XcHFZrvGmCn3b9DtFLm3KdrZjCPsDNLlVDlwSt3dpZ1JFvsWXk6UzoRZD0UCmbR8MOpnvAKzBnLH0Jg5f8LI0E3ZG8UlljHtWateqhX95qa13RnkLJUrYUBLMDsLiEMcWiAZen35vivHbBRxbv2b42l1BuGJySnaK7MD9uq31CJNWVx1oQcl+RNqkSicWjMgrkDqaUcGUNCtu+/KClxbifgNfLkz66wOvZ9U3uZ6OC/lJ9tUWKAYv4xAysZZZq7z0syUPL/B2pCvhOspDwoM6nO+RbVp7VPJXIW+JD7j5jPvphuhs12VCjTLliBQok2NychR2wFjqo2ukbxCsg2XeLe20yXbi2qNWXy+p6f1MAHKLhbwJpVUjB8zZM5/fHF9RkmfabYIhKk5JUFmbtHHi6gpxf0ytzsmsFdl5aPGsK8UbGtyBYzkovFbo+G35m4TtCPV+knm+H5pX7ofz/542FTrhLEbzYUPYU2BtQkFqJXcVWuk5bKdlbclYEdLNuwCwrxgPIN79jcn9jziKh2IeKksrsxi8k63dcF63mvQtpfALVVDYftYL/IcBb4GC84SpLjDCZ7vHyoZuOGEl/GOeQ/WMCQAVcGuZfL+BVzn/rHfZ+gMWnFAvl/TSehywwNgio6h9poP90xe7hmv0eWfr0T/vxkGDlZyccDYL6sQbOCmokkuAEvQqVJcO0Xu9sLJ0DzumAfL5gfPkraUuguzvQSCf/nkAxFTJdL19cG++Vllu3oyIeqHrLb//Z9K5oBnW/cwrPX2Jl65AudHzKboDlgeB0j77kjwSeb06mcfkEJSxTn1u+tPHD+RsvQnm653N6rkadvdcv8z10OQUP4szo4nCXbpCqVEaxJZmCOtJhuHGJYkG+ddV1r09x3aeWFDmXKZ4zjOFs4Q7Q1fOd2KjZtRxp3I6Sq2Vqq+4sedUWoq5FgtUNUeOkYyvfnXigzh2uDU/azgMMpAvGJDEicoJbblWppElVJKSiKMDNYsHdZYKqXhucfWSUO4bz1ZuuUqZ1zc9WZ/raX2bXEjCjaCU33Uv8xOWA7H6bjk6aNYkTS19uZTrV+YcE1Lf062mT+N709vEJIGkmlW63D+VHSWjIJu9DRDy9XASP1rW484sIVZavReIICjMa30gOrrvAmAzcsjzzDgxvCA3sisTYlswsJCq8mm9p8mS3g2G4T4gVdj750MJJ7KHwFSeAqv0w6ViM5rRv5VoqRHzGKnFJDAC2U+Y8k4N/0hS4KMYtdFNeG9nZhgM5eTMvB/MRVUxH3StG9D8y5Me5L+pz/J8IIwqWL3qm6ZMx5nHeqkiwHpC65uobgtD8bmjWBl7A6qR7jqiLzuOExnPGJCtsnJIVxcO4GjVFog2l2VDV19tO73SWmXGIAx6TIlvP/7h1gyETHs3veMrGtlxWv5CbdBsQxRjCt3uF4Z1YNw4TMyi47HwFLa9W9QamzAwkPOFrSr7EqXpXOgrtguZh8i0hsz6c+rO9mlNCvyOKSZi75ljadZ47qHDQndq3z4n55zYIMXLxZj3ojSOEF///Eq6mSACbqwiY1Vc1GAJgjfudPgWWGsSCLfu7ntEkuwFq12hoaG5ZOczWaZ5xqhq4OKdxcqytcyXlQnmos4fy/lyzzbI8SBmXqS0+eYALi0FHu5FbqlRzTSmq3/scKjl+OTu3pe4ana99vIoE33GOLw+t5nQlo9lwck2INpjSvje4q9XvvdWQ6EC/wXZZDg== MIME-Version: 1.0 X-Exchange-RoutingPolicyChecked: OrwYCjRdf7c5T3C8XadcKhHIfTSaL84Gwv6H237+RJ+OkOAHSo3UZ/3MFJf9KpD7JDvQfkxt4iprA4gVbkWNTBef5WsmkHOa2FKcyu/exMC+OCc8oMkYOsESAhO9vKRws+C1FkIkYGwKQraDnmQEWP5Lzu153GzLGq/Hn7MnqX+6jXFHhSMLyBHq0+CleiYeN5U2PiEGoGsO7blPfWTQBvGrGJC/Qh2IRaRycgl71sQ2rT1niZitPqc9vPgUX5AFSDr4vp1pyyrEFlNaLTgqpBNI3d3iD7LrbqbYsxX8OnFzqsdMMiBMm13Inmw/1nrfVVOiSIlg0s3WKJO9Dtxaiw== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: /XnHPJHEGIZPQG77Y+u6N9KfwXzbq9jPba5OD9fdvCnwqnHxkvamZ9CQCBZmgNIexw9vgha2Jg4zOr8kIwNDOtH6ivcGT0YwEb8fXIpNLZFt5dNBWGFHOQzprnnXZ+w7zj4hwvm32rqaJW3dvviiFc8dAsG1H2fI0VBl9n29V8FgYq3I02QGTZ3Ehi7fs0UGLlZ6NH682RO5s4nLER9Jqgpv2kEW/duX0mQYRQ3p5W8P2RSi2CVylsn2G2tVFFaxyVR9MjqiBir4efy/Yg9Vo0+9tscmX2Gbi1LN9kkG0VUZXUBQllwMrjoJugSjKaZY6dQvSwQ+a2Ky+FFVKpH1bWW+Fo44ar+6R3UW9EvJxkt6Ca89/6K0cEJeaVRmg6SZdkpsdgMVw6TMWfwrUe6WjkZYqhLbQA8yOf88GJs5gXtm72xiAIiNqI4q2b8f2vT5HRpDEAGb2fcQgztuzIYkUoFrMKW+ufMjXgiAcExhxK5B+Ih6f5xuxzNGs1q6v6ysa857yNX8zrac/CG3BbvNBArSG/6vuvCtE94C/8Ikox9M42fX3doOu0Fd6JeSu1UuCXKd1ao93gUHYCDF2KX1Es2iXRnh6pMFWADXro3znDEFW1nsOA8X0tBExB5PGBh3 X-OriginatorOrg: qti.qualcomm.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA3PR02MB11199.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 526bfe91-ba5b-4a13-21b4-08de9085b06f X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Apr 2026 07:01:39.7798 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: WUq5ZEATZEAx38IhrUfO9wlx+6blGQXxPCtutkB66m8R/k1hMIhCSP/BszzvxHGT/ClPONJR/JxkaRn9YlvXEg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR02MB9878 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDAyMDA2MSBTYWx0ZWRfXw2JjXVY16UlB 0OwBZ2v3f3s41/cB0KWxo5YexCD3rHN6FL8rifq1dPi5b3jAPTTt2j9YKlQR8b+JhMwkDGF7jGF cv/KCl8AJNwYmRdjKB27VsMbDSh28zOOVVekT/AIWwrlDkb7uK2zyKxFo4WC+woS2M9hsvGiqo4 b3i7ElgJ/1Jw60MTZy+CY437DxVKpkwf1/7mGzVXfNPgiQrCf+Ks+Y7CAWdAJn2C2fVD88wSmdw SKeMBjqZhpMDhZ60GqnQF88yuSsnC746PLk3mNvfwClvoMeCv22DuCfbnXSJ7msx8cVm8PyQ7bJ vZV+wifCLYQTpw8UzvCoL/HVqlGltlzi6SwNuEjKL6hw7B4yxI+5BrJ6/2nt/fLC4IBvF0Fz8/t 7tve/h72XtB1ldfwh0aEtlveapq1WxWaIMnOa2T4GLKTBeC9u6kogzflWpjH/ngeGF8JkMQb1oB Ab+pExnGHd3mciUglSg== X-Proofpoint-GUID: KyNwgctswCcfff9j5kTNtZ2QglzjJyPC X-Authority-Analysis: v=2.4 cv=eYYwvrEH c=1 sm=1 tr=0 ts=69ce145b cx=c_pps a=vyniI6In/5XBr/U1JZq+ag==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=3WHJM1ZQz_JShphwDgj5:22 a=NEAV23lmAAAA:8 a=EUspDBNiAAAA:8 a=OM8fqfX2V_RMQ9N6vYQA:9 a=CjuIK1q_8ugA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=MFkjKvwAb_bD772jJ4QA:9 a=i99sqPLXTsBX12wG:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 X-Proofpoint-ORIG-GUID: KyNwgctswCcfff9j5kTNtZ2QglzjJyPC X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-02_01,2026-04-01_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 priorityscore=1501 lowpriorityscore=0 phishscore=0 impostorscore=0 malwarescore=0 bulkscore=0 adultscore=0 clxscore=1015 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604020061 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 07:01:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/3606 refpolicy: Added policy for systemd_user_runtime_dir_t to read tmp_t directory avc: denied { read } for pid=1201 comm="systemd-user-ru" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=1 Upstream-Status: Backport [refpolicy: Added policy for systemd_user_runtime_dir_t to read tmp_t ... * SELinuxProject/refpolicy@eef80d4] Signed-off-by: Gargi Misra --- policy/modules/system/systemd.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 2cbb6a3628..63b105663c 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -2450,6 +2450,7 @@ systemd_stream_connect_userdb(systemd_user_runtime_dir_t) files_read_etc_files(systemd_user_runtime_dir_t) # read /etc/machine-id files_read_etc_runtime_files(systemd_user_runtime_dir_t) +files_list_tmp(systemd_user_runtime_dir_t) fs_mount_tmpfs(systemd_user_runtime_dir_t) fs_getattr_tmpfs(systemd_user_runtime_dir_t) From patchwork Thu Apr 2 07:03:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gargi Misra X-Patchwork-Id: 85131 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 54C41CC6B03 for ; Thu, 2 Apr 2026 07:03:56 +0000 (UTC) Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.10315.1775113428681450847 for ; Thu, 02 Apr 2026 00:03:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@qualcomm.com header.s=qcppdkim1 header.b=GWOU5L4E; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: qti.qualcomm.com, ip: 205.220.180.131, mailfrom: gmisra@qti.qualcomm.com) Received: from pps.filterd (m0279873.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6326mD6c2798761 for ; Thu, 2 Apr 2026 07:03:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= content-type:date:from:message-id:mime-version:subject:to; s= qcppdkim1; bh=nMV2hbsq8iQ8S9qto9alPtDOp36f6AYDGEdL0rnL25E=; b=GW OU5L4EBuFL5TjA3fX4yNZsgidXb+lGPpzfRAAC5DvCTBBavAaWs9YNQM1tbcuT7d dmpftUUU1I+c42t8RQ99W5yXkZP0L/Sr9jKSoBOazg43U3CvbSfdiKKV6lkKoQou cCg0s8hTLF68mXCbkTyggQbj886CHMOKiOrTCj7iaqSAtpVNeftT+z2l0vyFSK9v jCtrPTi4O8z1mAt9M8jXp/nFCxJNBtqa77eJJVpS/77CdaYWDlw5+76HtrR8mAQy i9G+32qvg4WwlA6qIYAPDlsK3zuXUSwMNQ95CtG9G+VvL4LcBOR7GFrcRuvRUnnk 6zQrZeCP6rEDl25IizTQ== Received: from dm2pr04cu003.outbound.protection.outlook.com (mail-dm2pr04cu00301.outbound.protection.outlook.com [40.93.13.57]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4d96hk2sgh-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2026 07:03:47 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Xz/GNuwlQZXMFGzAvgOIXhu5Yl7+PzJeIhT11z1iGVJn7/2Z25lyVPc53xarBHsHBo2/AA7I35tANl1qmftwOkvcWFw8aM157P4nnCkF1T9d4YfdPDAyfEryr+QEKTreD8m6FdGZZLanyt9tRKIJaieND19omxwmODnUvjmT82A/g5C8tqjvIj5OlNkNKxJQw+JXsiAUL7t1J09F4f/7bKT/507UjxWth2GoPf4atMRIFEx3gvo+tApfpcTs1b0Mn6uOC4ItvYOBZ/mBS5widBaoouvZMeuHd7/Vd6hVMPCITEj8FHnqw+TxoaYAtEDrDYMjxt6oL5F8+jmjaLlPUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nMV2hbsq8iQ8S9qto9alPtDOp36f6AYDGEdL0rnL25E=; b=tI0oWOj0dSnkPZKdJ5KDXBecM5Rz6jPmsDa4ZSidm/Jq4FIbMzYyAcNfH9lwq+W6gQugd5tn607Reas/tdFlSeQk2s9TW7QPfDDsBjIpRxMVzyClRWdZz2Cth+agZON3JwXSTHmsigZKiNfuylvwZAOaKlTQ4PRFrs+f1GMDbhS0qqKLizj13beFLBhYBI8h0xzC1gEyaLsHoRtTcR7D2DqkWc3k8M7w46XsEPyK5gAPjcZGmHT7FTOmZzhmk9du/fAg225AGOvKME78XHRdVn55MFhj7qrBM9iiW9hsi7KiV99jKPxumLdKzmISr8EYw8Ts/HNjqEehklKyceTfHg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none Received: from IA3PR02MB11199.namprd02.prod.outlook.com (2603:10b6:208:542::12) by PH0PR02MB11318.namprd02.prod.outlook.com (2603:10b6:510:38f::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Thu, 2 Apr 2026 07:03:44 +0000 Received: from IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d]) by IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d%6]) with mapi id 15.20.9769.014; Thu, 2 Apr 2026 07:03:44 +0000 From: Gargi Misra To: "yocto-patches@lists.yoctoproject.org" Subject: [meta-selinux][PATCH 4/5] refpolicy: Added policy for modprob to read blacklist-video.conf lnk_file Thread-Topic: [meta-selinux][PATCH 4/5] refpolicy: Added policy for modprob to read blacklist-video.conf lnk_file Thread-Index: AdzCbsJH+/vXbT5JQdyjwFlA1F8gxg== Date: Thu, 2 Apr 2026 07:03:44 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA3PR02MB11199:EE_|PH0PR02MB11318:EE_ x-ms-office365-filtering-correlation-id: 9df6d9fa-9cfc-41c5-3176-08de9085fab8 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700021|8096899003|56012099003|18002099003; x-microsoft-antispam-message-info: O560LODjPY3EaHGcF4Tm1FB/hK+VZq/HGJy9LD9ueQJLLeId8pGByHNhVzEwfnET/FVukDAVAB3l9eexTvpS6iaglRFbV1grAXLfMsTUAj1U/Ctn31uFt7SNGfT7e+Ef0BsraQtFPgg7gPdpISC2Lt0HybcueaOMIs85u1glM1t+t0MoShVGZvKd97IJ7srNOqW3nJQLEVic6dWiCxMcH6uFV1BP+C+7OJgPmFuvRp+6UG43cismoSnFUcaOa9wsqdWdYIEc3kAXvTXBY47JiEsmhQx8Ou9JrxGTr4OkQFtXoUVpAiQVubE1tKoS5Di9m86FOI/amEc7RmZvU6Nn+BJXNRLcWcHOTvxjdc6BiQ2cAL051H9QPT6LpaYzoTDEZ/esr2fRNLJOT6AiUYcatZhgNDfe3qt4JdBfdtPpsHnDhisB21Kr1UCYeFtIhxB3HKxVpHde7sdh56keOKWEISOLPa9BjFCWTGs+gurX21aGL0cEnlOM++SEdWIIHXuiWII0bJ6i2hePkzirLcGrRebDoBHPUpRQHH82kN8opLS5gKmuuzlIBjlBFCAARtMctFp+tnGkQ2eZJ2rj1qqrG/0D3jtJccaaRvY7sevUHhlTEclPFhGJ3XvY7VaHnDySBAwuBGh7NjgkInCXjEZemVEo4IdXsugEoLUIuDNzZfUNTvP84nZiXdBtL5weWjVlRRNdBTG9NmKa35aEPQXYHZprKXgsGrIGHNhE2n9Wdr+hUitcAaGN/HE2V6XKtXjC x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA3PR02MB11199.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700021)(8096899003)(56012099003)(18002099003);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: AnTUbfYn6HFc2wB3Qbr32RPsapwKrNrsFYATaF+JbAZYBWY0T1f5GaDfWBT+IoYW9emVAQR0Fpm7e3vAZhsrBH2EtC/SDZ29FiyBX4/Q/L4F7KDnGIYzBcx1Rgur7hdAekWpbwvhwuPCSvBHGOlkSW8kCYg36JAyfL26f27bzY1edRBT90DqkQGuudaXMwkMP0JlRN9EAEsjs/mxTeOGe1Q4tik3CshjiVY/LcOuCU7rHNsQ0xP/arcSgvmg4dFPrp0+wiV9pJCSzI5x+52pXst6IyUuCIfZ3hRNF0EXrlOLOJ/pLZyo+hbZ+39ioWqnVBdCvV7XUHOLxEPE1gZkT4/lBQ3/WQaZXmAFovvJfruAVirEJa8wp+TUc/Bjpje6pozneoEI4aBUZyptuhgTiA918jPMDQIbD+cDHDSj56xlpXBfgFw+mtWmPpfq2yJshoeTb4T9eTG+NtTDu2kpCNOCDMWFDX4nDblYJ7STaxetaX/j046sFpieONuvM4bYgcIpMbYjbYTimpuwYD/U63rX+6xcmdsxMznEw37PjAwmZEcIAq8ymWHOlEJGCoJT+KaysRjwzS+awAEBMhkS8MZDWHfuPw/2LKOfiA+10Pd6w9ADdIEsrH0V+XK9DvhMTP3ApbM4qc3XkDOmLIzofSANzyQTOMGT9EuQ2n3ktzYvdol0MqrvgHWVqAddwVZVKsvgHSgvQTveXs4IbcrxwMSa+9M6c3EjsK/VUVarICmR03YW9MRP1Z8/rWGplWLw+ZPMnt+4F6oxDYq+trQ+LQQTbjjyUdEW8sOdtNPqHmTkI2LOsOgo72MXEIV9jC+23eSjnlIMMwMP65hf2kKLxfJipOkxqZ6V+3YmKevh9NK+9ak4OmtlavUTum0ZBGNVXgzuj+elte1q1c+Z8nQ3H9ZS0TVjFxGlA0qzqEjZJJiwCh+JT4hZ2LQilIphnlm+yVelQ+aQ99hTb2pV/PHlAA2s8B3u2jEpJr4c9TV1ZcA3jPxHskxzXFjRZyZsNLsQnf9FpCpOzGPxEXLwH6zfEsrJqTR9MtLQPZnGHypnrzd2/rdIq1A15k3obdLBmbGllaXQUCwIlr7wIRphS6t1RD0NdpQ6GRRrt06pS6eWbR8c3bj1wCXM/qhJJoQ3pds8rGAvAYh5jvHm6iP+X+u4S43dq5TyOwC9TvroafmXhB7VjPQgh+28UhjujwoZe3A9v0E/5nFb9N/PCPgguMKzIn9U+45JPmZhjbjeO/2lLO0Klzhtdd2fWG7QEyvN5HkRlPfUUw4I8aSIMaON/u7SyZIffpRBC2iYzTZONqWv3PNtjxXXCi+QLoAvGYoQbcq+3V+zCtU7/mM0x684yAKkEMaHiVEYZncWAazZx/Lc7ve//uLptmUDDRf5tcZhrbXVgzGenhICz1j25IV6nzwvnWlIxjoi+KmZUMH8IjsjS1X4ykIu+43nEvDbovRFigClct3iqq4FsLeBtB1TuEdKO6Lh0CMbXoXvQScUNKQvhB7cI1+zCAx7XjB95mb2lrSwkw0tl+pZxrYJm32mGGvmelvgnipS8GgVsYGsoDPnsEjDXkUvD8lwyQGoTStmJhl3YE/F6dVU8O67zcehfWonSfkbwuftRTtgSmHCeiLguBoVc2TQx3GgVIYuOEinEZn6oCAdUNE8wkO8YRIRJqvSS0juJKOWNjmzezJOFwzjc5gPX3/lzHpag2bzkAiQusFS4iwnsITLgjb4+MYJSC/Hpw== MIME-Version: 1.0 X-Exchange-RoutingPolicyChecked: Pb1qWk/KkF7qGUUnx5I6joJ2VY1yi4eVHo5w67u3tphLuIwa0K5+ScD6O0DBx9ZKAIQ8mqcipvjXLHQ8lnKdR3V6cX/RhLZhLZAOTqzVCSBVS3ximFGt1eLqHJSQ8urEMNb6iqKnOCUM76Suufqd9x5dqv4ywOv8EPdpS8Cvpb57Jloiym3pXq6ELx6iuBdVKxHy6KeWgKyhnKqbfINIKgnoqhHcUGxY6HWb2Fv2pi1/a0Ka3ULDZyCDiUzLtI9zDt/AqbefENIp+7LnalhWI5gVU32kJB1cyPrjSMFQi4LpeIDS2siFeCTsD2iIcsXBseIcL6NZCYIcphopYYcaKA== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: Vd/HyDBl+FBLr7FqJGE9SMruRPJtp0iHw+MSEPpfBYcj1BLLw8OOsTOgFILEHl61tmGy68+puR6bthn+TKthIPI+c/y4Sx8AHcly6F95NWTWsrX8apcAGS7o9zcudJeOZrd+CMIBujLBJp25vifF0mbN7BhCWyD7AgbAGjWCA0ZclAkP7rOJdJXWeu2yg3uPyixZQoEQEkCGhuys7SSzi9vkbMQJaejdWMzwCFdDKwWURNh5f/RSvUsDNi/DA9bbfXPZ8aOUfGEX0tGCcC0NS8qIPUk2/z3UFnhKmhjdinUldSEEwQGRpTaBFt6yfMqTKTd0a0RK6lhefflgtMSjQ9RRFz2yI5xO4rKN2Jz+ipjBgdHssPpRpIL9FIK6C9FybCuyeR0wrOV9pOdbE6bV2tUK60c33kY6SUJUzK4BJUHzRNiP1OfrhzfzAsxlYjeXx3wUfgsRk1iNw7v4gjgMO6KAJJV4AtrtSa6G9KqCvdWyRa2gt5uFjh1QrXx8uDjMQe0z/ekDCzdAvigH7TSGMfLalDBS5c8+oN/GqX4eHY6NuOWoypx3W1B9lYxF6wTe2e98t/PXehInYhnW3j1sIi1bgsMHWYxiPuAHEIxrtjeqxlkDKVGsrBVeSJ2E0YJU X-OriginatorOrg: qti.qualcomm.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA3PR02MB11199.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9df6d9fa-9cfc-41c5-3176-08de9085fab8 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Apr 2026 07:03:44.4166 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: AeITOQ/hZbHpUqevttiySIwYpz6RxwJo8pSy0R0jFt5DtZWN7EvdTCxsO3WXAF+r3cMwy+r6K3SPH85qBifcZw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR02MB11318 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDAyMDA2MSBTYWx0ZWRfX8kx6CsDcuqqg DX0IsiLL/4k7/5DW8NIIsHwKYQNUglgSBd+AQTs9vm5mbgCYP5beFvJRiR+4K7qPhmnZkm8ycWt 3lUn/iPhPgD2ky1AR7+whmYcamnC046HXHan5HSnY5MU3+qGGPlQLspMnPCaZi6XIKZ/3mWxLkr ETpyks2cr4gjUxM8c5UWIanZLvLDRbeZA7osjZ53vy9Sxy8c9UdgPmOVXcEHauebzWm1wZKLmK1 nv1z78ToXB3NrsU8V3ppD9xjqCC98kra++V8GRChw7OF2hjKsh7mRsAJLllBLHIV1QGB9E+LJrG 0OtP9IY+j8f3u+nArwfoWDEW8skSo4VwzBPQaEzIOGBUSEFYPRX+PigErDAD35bCvgWp+b1lUao Qka4WAsNFvWEvwQWPdqnrhHYqN58URT/cVuNDpKHsVjJ9PmeY1KNYW7P4YkEHSps46gTEGJxtN8 R/mJWY2sc+GiM11Oogg== X-Proofpoint-GUID: 0Un5oISU79c0TIaIfy4wMvdkUD303-4X X-Proofpoint-ORIG-GUID: 0Un5oISU79c0TIaIfy4wMvdkUD303-4X X-Authority-Analysis: v=2.4 cv=e9ULiKp/ c=1 sm=1 tr=0 ts=69ce14d3 cx=c_pps a=y3Q9mg33rxtftU4vhVNh8Q==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=rJkE3RaqiGZ5pbrm-msn:22 a=NEAV23lmAAAA:8 a=EUspDBNiAAAA:8 a=oK2_imTTR0HNk6CiXMEA:9 a=CjuIK1q_8ugA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=n6xKDSJxxDTCZPJOP1AA:9 a=JkReuXt4R72UMrVb:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-02_01,2026-04-01_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 priorityscore=1501 phishscore=0 bulkscore=0 malwarescore=0 clxscore=1015 suspectscore=0 adultscore=0 spamscore=0 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604020061 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 07:03:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/3608 refpolicy: Added policy for modprob to read blacklist-video.conf lnk_file avc: denied { read } for pid=774 comm="modprobe" name="blacklist-video.conf" dev="sda2" ino=342 scontext=system_u:system_r:kmod_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=lnk_file permissive=1 Upstream-Status: Backport [refpolicy: Added policy for modprob to read blacklist-video.conf lnk_... * SELinuxProject/refpolicy@aa35084] Signed-off-by: Gargi Misra --- policy/modules/system/modutils.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te index 7355255e0d..fa06e9ec37 100644 --- a/policy/modules/system/modutils.te +++ b/policy/modules/system/modutils.te @@ -45,6 +45,7 @@ allow kmod_t self:key write; # Read module config and dependency information list_dirs_pattern(kmod_t, modules_conf_t, modules_conf_t) read_files_pattern(kmod_t, modules_conf_t, modules_conf_t) +read_lnk_files_pattern(kmod_t, modules_conf_t, modules_conf_t) allow kmod_t modules_dep_t:file map; list_dirs_pattern(kmod_t, modules_dep_t, modules_dep_t) manage_files_pattern(kmod_t, modules_dep_t, modules_dep_t) From patchwork Thu Apr 2 07:05:28 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gargi Misra X-Patchwork-Id: 85132 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 703DFCC6B00 for ; Thu, 2 Apr 2026 07:05:36 +0000 (UTC) Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.10288.1775113531089268877 for ; Thu, 02 Apr 2026 00:05:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@qualcomm.com header.s=qcppdkim1 header.b=PxZM6M/5; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: qti.qualcomm.com, ip: 205.220.168.131, mailfrom: gmisra@qti.qualcomm.com) Received: from pps.filterd (m0279865.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6326q04M3745952 for ; Thu, 2 Apr 2026 07:05:30 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= content-type:date:from:message-id:mime-version:subject:to; s= qcppdkim1; bh=daiEkRZYPnThkUinlctOnzBQpkom7HdC5bN1wMi0rD8=; b=Px ZM6M/5DOxwXLTKfA1neuBUNsgD/qAcrdKnKkKMip4OlygHW+7E/GKj560RfXqWAt qXG0rnOJqg5vKP9xwFvlkQ2ILxe7nstELJc/Wf6/v1w2kch6+Y5w0t5l/8lVVk98 Kgi+Z3EP0aaMe0rJTxNi5RVfkq/4iG7IbewpGpA6VN0tb6fihAthioG5f4dbvkGN SBNNJ6uuJ48E8hPbrOcxTplODEIfob6EZ3vja/2/tpXUU3tJpgIDss1/q2t9Aqbe IjX8J8Zs1qIbVwjsalYEA8qcg1qNZhU0jhyaL7VaVxXaV77pP1vEZAJW8od0BWXn oAUyApyw0Mvs+WoDlPPA== Received: from dm2pr04cu003.outbound.protection.outlook.com (mail-dm2pr04cu00302.outbound.protection.outlook.com [40.93.13.58]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4d9324kwau-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2026 07:05:30 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AaQHf5A7US5FnfK4CFeHxpNeF2GzMJCaEfhxtAKLZAeH2mjH+8LxviwxHxyfSAz28CyVbice2QqWyhyOcGFgP0xNgF52qN3HIOxCrKSEqE94zoc1V6/TCEwwJRynR34vcFcbPcLiBue8t2Gf225GR1LLnFY/UkM/dF3vEO+1+EzzvJUAqWY508Kqk2eaiqkXATvWFZTjpSz+R8bqKvfbeBOBSpeaRICFUHbK5Rq0SyFOEtDUDVu6Max8zlIyS9oKMgvOFc7WafIwhvNK8El3NykPmzq0JmfJWR+f/uMFZETLwE8dYSpsvf0h4B4TCkxTflpgDBXdAKPnawM1rGLTJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=daiEkRZYPnThkUinlctOnzBQpkom7HdC5bN1wMi0rD8=; b=lUNYAGd4xTTPpRih5cSkqxemQYgbwEs6AkNv2T+26hCBOtAnrU2ltA1kJLGRaK6sR0i18rOzkVGcsnHg/3eb3EekvTsEJ7A0fgwgyrLPz+QTTVPzuniZIWgr+l1bFcAYiIAMFJsHrsHZSA8+b7s4CvyDQHsIabBTaXDaVWmzraauYZOo9buwDIk1eydM9k7hdSnCTj7MlfmlhfQMc9ICg0tprJC9xkGBDbryicayYl5JP9X/ESLqocTx0jfy0Xjs7PuvYgz828vfJYeYNQXXWjAEWt5Dy0W36jeGboOSFJfoJf8KKxkbD39aGlrw7HnQSrHktiwTxB3ymODUzxj4YQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none Received: from IA3PR02MB11199.namprd02.prod.outlook.com (2603:10b6:208:542::12) by PH0PR02MB11318.namprd02.prod.outlook.com (2603:10b6:510:38f::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Thu, 2 Apr 2026 07:05:28 +0000 Received: from IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d]) by IA3PR02MB11199.namprd02.prod.outlook.com ([fe80::d20f:d3d6:cceb:337d%6]) with mapi id 15.20.9769.014; Thu, 2 Apr 2026 07:05:28 +0000 From: Gargi Misra To: "yocto-patches@lists.yoctoproject.org" Subject: [meta-selinux][PATCH 5/5] refpolicy: donotaudit rsyslogd for net_admin capability on self Thread-Topic: [meta-selinux][PATCH 5/5] refpolicy: donotaudit rsyslogd for net_admin capability on self Thread-Index: AdzCbveT7eMirkQsSPWTlkv+Wf+gHA== Date: Thu, 2 Apr 2026 07:05:28 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA3PR02MB11199:EE_|PH0PR02MB11318:EE_ x-ms-office365-filtering-correlation-id: cc985978-943f-4436-8245-08de908638e2 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700021|8096899003|56012099003|18002099003; x-microsoft-antispam-message-info: JCesEKbspU7ES2fk8etHevD9070FhaROyERc6/SWiKyMwvDgo++Lg1ppgROfKufMGB4XiyL9uDWV+oSrVej4yVyZk7XDziKxC9IsxagQanBkaUh2fYM5a1hsPRJ3ZJuyzNVqBDHRLtoYv5UO9Pq/3T2PmZhNgYeU+YaeqgPdnS/xFuaordm4je7coTJqWUGjHQ8cZxN5swXdifRpIejCBzcwU5xmovH35n3Y4M2mblbU2n1nxbmbXaxTFzOgZUEyFZZAzbAglqYd2zGRnSOhfC5J8MmBHzJfgT9KZjj9vDzhJ7ESUXXQaQzyE5eUcbv+ugltmvlX3feBYLqsJfX8KnhoO3iM8B4jCfHwZM5Mz8CeBlIM8cQiboej9qZERjSbDgwdMgDRU0Fl4GiYDoEt6EJt2F/l/7GEZfvaZqXPu4Xjmu63zyV9LnPXNhG+tisa46RUo32SwpxicVHU6cXB4N28Dft0iAF3Z1kJXmFkhVXvlMoXmNGxlPjEgiHnciFxdV1Y1Kt/8jeI/mTxYXwEPouSvo5kMV3/LmZfceakTdJKWq38u/W/TFAUBYli63GnBUheOV4T28zqdnvcQhQoj+b/Swk1vehvw/hZljAN3vzjfVkvgJ0o9gQJAbblihiLrEl84eA82HHCZYEBo/BbEFGIRv3SiUNXy6eFuLIdFu3VHas0PpVqzwsjdKMDpnBJyrwGhBA3XAK6L55HPjLFpq05HVeMElWyuzbgbVmlf+0lnMO2b+56iekTpTIepUSF x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA3PR02MB11199.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700021)(8096899003)(56012099003)(18002099003);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: dqP5Qkdca/daCIm4/RYcLTBhd96gvTb63On3+5K9IsoM5mcm9ufZlYlr4k7TcrlWQ1zP2sOK+Vc695XG2xUgNKhrd6u7BSnlTkRH8EzqXJdvEpmKYQKEfwO1ilFV3ejkxxvF2vNvpMbggGOeCWRITT88iMKz55Ed3IGJqW/S7i15I8VxQ22Nmem0b7fpHQq4z9mbekdzLkOhLssDAPYklfKD8WMwkvJcqBTDMiZWAcYTqfB/e3rPAwub1bH7reL/BU7Uf2oZRDZqFwPYqFmVc6WRWw1IVw1hle8S5ydCUJwwLIQXHm7akY1Eew37gHF7JcESa9G4JU1qzWOjg2A+A+Hofax8Cfbe0KHimBHmFmDwCvRLdQFXjEnJOocLDfbB+MO6V7Yh9BzAjWH1qHRKjlp27mxTircUAG16HYV3/ToWW09nn+x92HOhwg576fqNxbjbsxevke8OLAL26eMcWOUUq3fgx7gTC6kVVhLu8QAoswL7w/FoZ7EqGw988ol8ZF2//TUROkBAK7Lu/q1fS9QwNm2uActxD81u4b8g/k47cAfo52RLGuQ8n6wUQiS2fnlKHR+5HTXPhFmZrroqC3ZbP7gFMIcJgp69htK2MFHoXOgjRxjSx9LXVN7adXvyRiNIwMU7d3TqhqOckgYCy8zU5XCoajWqxmC0aNYtB8sJXemRPPqIRzwVnhvvSTy0oAMul2wMWHlNn7qMaGyGLDFBD6Ik+PaojxPkWW/8zLgn52H8nVN1x8hIkcBfoLRvU383ezARA3GiJgX3zFPmKXByTDa3mj5YhEaVd2vuW8tUfuGAqEz9ULagtOpyXjCMIbfgZV0Kr6GIaRv4TyV22ot9Tt2u1QN/RBRQDssw+lzLtofbpcMoqcKT5ELmhu00PLUGNO6lWuwy9hKMU8sHlW+9MFFW3qF+x+9/p7BhryvbLdDWl9qisA8+WTZV1M5zjAFzWOG2bngaZ94uweuWEOowGqO08a2+w6dkj9DDmpEOqI1QAxacViSbQHOTwfAr1U152peb0pyB95uYrv8HLmijCd1BpsNRKyDS0x319r/tAwPZaKbq2j5RX5Q4f1VIOdGzc+dfkIZItbF2qQeG1PreuRWkbvPMReuL7INKoCxcOSQMTuf6q2iVg+RFhF7LDzReaGvqxrCXLV7avo94DuaVxjt9kHIyLvXNlanAZo1P+9/yX8B/8acc9A2x7lTKInTAf/mleQXdlSWMthkOE7Y435XNMY+0sYxWxDycm1g1BBrJK5QJer3oObcYp3d6CKjoPklir8wAMLnjGIrIlV3xAeN4NJfKHp9XzT/8m+DeI/7oEbVSFfM1c6TTsqb6QRqqavp5/7O/OaXrpF1voK+cKoR2m5bTietuw9QYvXhFhIuXfGGyNOEr0IBd2YzrhN9VSciaq+OHTqeyl8SG0m+jxBaIiaEVK05zFLygr8tPdb7fevluwHmIial01xRGGxhaIVrszLC0eHTf8Oxk0nnsIGT1V0cUaGkISkhDuzHUUzM+C64YDk0SfB3jbv/DeM131JAO8D3tvb84W7uaWmG7U56cTnW8HML8p31qL1m3sQkK7Tgclmy+AoJsuupNvRUfvL8uGBkPc6LJFBMP6CDbbDr4jtSVy/afa/8iJm9hMBJqhy2rzjREbaKIGZwf/ebFcVdp5fNaaVM9mxZ4zBNgBMYPlccxiMBh++3je33ppsTpnVq6WbTp5fkVycsozIpl152yS5+f/FPFR/NqhQ== MIME-Version: 1.0 X-Exchange-RoutingPolicyChecked: kMOOF7RFXvxW1EiCgRfWdaIrKEN0lhDwlglRgEmjU3X5vVI8HzXLO6JDZ7uXU44NdpE1Ed3zaxRavDqbNoBEezi6LPfi3iYL1mgQRwN+Pvep4OF9wzBpOekVtS6bC8jwK0IYLkDxktUG5+YofJ/upChUc4BWewHudJjmMh0CICwLQe4ihwFkuePniXnZRPJ0fQvLAI15qEH+jg7QI/P3DqFm5bPzGpOuXXo/Dwkln8WyMJnMyjvi4bllDF2o+kgdCm1dwSaO4D5gOI6zjZMooqiLwG1lUQilKsM7gvbrqiS/oQrayk9rIw6bf42iCBoK3wx5XWSRBtfbi/XIDBxPlw== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: toy8bp2E9tOJdgfkFD7isazVPffMq2vOcUBoNOhPNn0iXkSEkNMfNpuEcwSLL7avQ2i/Nii1VFjvUNPuHjL0sXVS+wX//KLB2yT/Ad5NqeZaevea2JBWnN/R7HR2mhzlhNLQzA3SxDNSRR4MfokzIVn/nR0lY5YRLroiFnI71mJnrqQyFvzJnWtOBUO5Xbp4rNp6F+ZW/GYNf3pvnFSk/z0QIiFdOtrzXoRRfZWz2UN6lJd+ZtjWjbLil3BJTb52ROnpp427zhz0KPS4e5/6HV9brKJrr03ky1hOPWoPC7hPiV/HEtBeJIkT65Y+GCf+OoPJwwTTFwn51Vr4RGISdo51wUFjD1+VKjQ2mwLhF/s3rPwEnixWbWpfQ58PjhEhm8W3+r0xiGVlcQI3sdqejfMPADbhg6UWNdwlYY1sIAfXiX8juk7O8lJrnCbeM5b14Lf/6Wgx6Scyuu2PXNwzJ+SEYMCCifDgK/Nqvg1qamE4aNpW5XaA5bBHY27mIi0pdMvzx724aSX8lszLjlVxzNKi72O41HtQR7JYZuhufJQsIqRPnya2XYrQP4KXr8/FaCY0gTtIOJTz6qMvvRV4nY0GTU5yR+VWol41LSPBnvvt2o638guhSx6I3o0wNS9E X-OriginatorOrg: qti.qualcomm.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA3PR02MB11199.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: cc985978-943f-4436-8245-08de908638e2 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Apr 2026 07:05:28.7050 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: vtAuXkiK52rQhkI72nOzY11Cj8QLbJa3PDkZ3n1MWtkIShin81zjJhs9g8pUKRYESvQR+v4/h+yG9K1gSJCWfQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR02MB11318 X-Proofpoint-GUID: DDBGfp2km0iHfKXooM6sQW_gD-46TMpa X-Authority-Analysis: v=2.4 cv=TKBIilla c=1 sm=1 tr=0 ts=69ce153a cx=c_pps a=1HtwilQDvHI2YA4O/KCv+g==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=Um2Pa8k9VHT-vaBCBUpS:22 a=NEAV23lmAAAA:8 a=EUspDBNiAAAA:8 a=50YQJQeRvSoVMKN6iSgA:9 a=CjuIK1q_8ugA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=t3Xqqeb88XhHY6j-vlAA:9 a=xOvUGthomhZvmT7E:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDAyMDA2MSBTYWx0ZWRfX8gQDrNXQi2mp 2LZDldCUYPVibYHVrSZ1ETERQl+0VJJhQOZI4uFGQH0hSBZffRs6tOgjWq7TndMvsxgk3kuegbV LhUWyk2dF25GQqx4swFtfKU4MPsB4KLxDZJp4ZAvFF7v8UKHKVXk6SDhDtwvvDC8MVi2zoHme1v dWFR3UExl9szQW2s9wkzf/dHySlr3xylz9mjOUL5qeSqoDO5eYEs/dp7mLvO/OfHkbe0xUc2IYH h5qCp25Q32v1spGZ5w4MKbQMVEPlTC/hsDHzASscFeOxOMwpeQH7V1HumAj64pvc8wjpmdDAcBT pyhyu59+8E3cfsvQpc2oewpIESV+eZOgN89Uux/ivzytHquxVEJ5LEob/7oJpBNvGqNHRZHhrKZ VnuKSvuS56XjtTQVeXr0DHKAcvttRK2oIO06ZHOHGdOqsTgXzzr9cNkgjZBQ+hPP55ef7r2yqNd dxY8qgF1+AxD2gnDW9w== X-Proofpoint-ORIG-GUID: DDBGfp2km0iHfKXooM6sQW_gD-46TMpa X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-02_01,2026-04-01_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 adultscore=0 spamscore=0 priorityscore=1501 impostorscore=0 malwarescore=0 lowpriorityscore=0 suspectscore=0 bulkscore=0 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604020061 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 07:05:36 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/3609 refpolicy: donotaudit rsyslogd for net_admin capability on self avc: denied { net_admin } for pid=1360 comm="rsyslogd" capability=12 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=capability permissive=1 Upstream-Status: Backport [refpolicy: donotaudit rsyslogd for net_admin capability on self * SELinuxProject/refpolicy@9ff571c] Signed-off-by: Gargi Misra --- policy/modules/system/logging.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index 0ba5d3d8b6..314b2559bf 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -399,7 +399,7 @@ optional_policy(` # sys_admin for the integrated klog of syslog-ng and metalog # sys_nice for rsyslog allow syslogd_t self:capability { chown dac_override fsetid setgid setuid sys_admin sys_nice sys_resource sys_tty_config }; -dontaudit syslogd_t self:capability { sys_ptrace }; +dontaudit syslogd_t self:capability { sys_ptrace net_admin }; dontaudit syslogd_t self:cap_userns { kill sys_ptrace }; # setpgid for metalog # setrlimit for syslog-ng