[PATCH 09/10] chromium: watch etc dirs

From: Jason Zaman <jason@perfinion.com>
To: selinux-refpolicy@vger.kernel.org
Cc: Jason Zaman <perfinion@gentoo.org>
Subject: [PATCH 09/10] chromium: watch etc dirs
Date: Sun, 16 Feb 2020 16:54:21 +0800
Message-ID: <20200216085422.36530-9-jason@perfinion.com> (raw)
In-Reply-To: <20200216085422.36530-1-jason@perfinion.com>

From: Jason Zaman <perfinion@gentoo.org>

avc:  denied  { watch } for  pid=44464 comm="ThreadPoolForeg" path="/etc" dev="zfs" ino=1436 scontext=staff_u:staff_r:chromium_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
---
 policy/modules/apps/chromium.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/apps/chromium.te b/policy/modules/apps/chromium.te
index 255ef557..0e8cc1e5 100644
--- a/policy/modules/apps/chromium.te
+++ b/policy/modules/apps/chromium.te
@@ -156,6 +156,7 @@ files_search_home(chromium_t)
 files_read_usr_files(chromium_t)
 files_map_usr_files(chromium_t)
 files_read_etc_files(chromium_t)
+files_watch_etc_dirs(chromium_t)
 # During find for /etc/whatever-release we get lots of output otherwise
 files_dontaudit_getattr_all_dirs(chromium_t)
 
-- 
2.24.1

