From 0f07334a1722510431a83afdd5b94df6d0c2ed0e Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Tue, 22 Oct 2024 21:53:18 +0200 Subject: [PATCH] Label /etc/sysctl.d and /run/sysctl.d with system_conf_t Resolves: RHEL-56988 --- policy/modules/kernel/files.fc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc index 6c93705087..75afb8eab2 100644 --- a/policy/modules/kernel/files.fc +++ b/policy/modules/kernel/files.fc @@ -62,6 +62,7 @@ ifdef(`distro_suse',` /etc/mdevctl\.d(/.*)? gen_context(system_u:object_r:mdevctl_conf_t,s0) /etc/sysctl\.conf(\.old)? -- gen_context(system_u:object_r:system_conf_t,s0) +/etc/sysctl\.d(/.*)? gen_context(system_u:object_r:system_conf_t,s0) /etc/sysconfig/ebtables.* -- gen_context(system_u:object_r:system_conf_t,s0) /etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:system_conf_t,s0) /etc/sysconfig/ip6?tables\.save -- gen_context(system_u:object_r:system_conf_t,s0) @@ -211,6 +212,8 @@ ifdef(`distro_debian',` /run/motd\.dynamic -- gen_context(system_u:object_r:initrc_var_run_t,s0) ') +/run/sysctl\.d(/.*)? gen_context(system_u:object_r:system_conf_t,s0) + /sandbox(/.*)? gen_context(system_u:object_r:tmp_t,s0) # # /selinux