From 72f956a58290f30f181a8f3411db495a9d06d267 Mon Sep 17 00:00:00 2001
Message-Id: <72f956a58290f30f181a8f3411db495a9d06d267.1645092963.git.maciej.zenon.borzecki@canonical.com>
From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Date: Wed, 2 Feb 2022 09:36:44 +0100
Subject: [PATCH] data/selinux: update the policy to allow creating/removing
dir under /etc/dbus-1
It is possible that system.d may be missing if no services were installed on the
system yet, in which case snapd will create the directory and thus trigger the
denial.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
---
data/selinux/snappy.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/data/selinux/snappy.te b/data/selinux/snappy.te
index 948280ae7d17430f1ad4ddd25e0d7379aae7f575..4d416fe63ee1287d3e9c08c957fd2f26a5716106 100644
--- a/data/selinux/snappy.te
+++ b/data/selinux/snappy.te
@@ -157,6 +157,7 @@ selinux_get_enforce_mode(snappy_t)
optional_policy(`
dbus_read_config(snappy_t)
allow snappy_t dbusd_etc_t:file { write create rename unlink };
+ allow snappy_t dbusd_etc_t:dir { add_name remove_name };
allow snappy_t dbusd_etc_t:lnk_file { read };
')
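Review bot: The added `allow snappy_t dbusd_etc_t:dir { add_name remove_name };` rule does not obviously cover the case the commit message describes, where snapd creates system.d itself. `add_name` and `remove_name` only permit adding and removing entries in an existing directory labelled dbusd_etc_t. Creating a new directory is checked as `create` on the dir class, removing one as `rmdir`, and changing a directory's entries also requires `write` on the parent. None of those appear in the visible rules of this optional_policy block. Please check the rule against the actual AVC denial and confirm whether `create`, `rmdir` or `write` are needed too, or are already granted through dbus_read_config or elsewhere in the policy. Quoting the denial in the commit message would let readers verify the permission set. A short comment above the rule naming /etc/dbus-1/system.d as the reason would also help, since the grant applies to every directory of type dbusd_etc_t, not just that one.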
--
2.35.1