commit: f5fb96b1a6cbde18dcf9bde9b29a84fb81acdb1e |
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> com> |
AuthorDate: Mon Nov 9 14:43:01 2020 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Mon Nov 16 09:03:43 2020 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f5fb96b1 |
|
Add LVM module permissions needed to open cryptsetup devices. |
|
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.com> |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
|
policy/modules/system/lvm.te | 2 ++ |
1 file changed, 2 insertions(+) |
|
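--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -177,6 +177,8 @@ allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
 allow lvm_t self:sem create_sem_perms;
 # gt: the following is for sockets in the AF_ALG namespace (userspace interface to the kernel Crypto API)
 allow lvm_t self:socket create_stream_socket_perms;
+# gt: the following allows opening cryptsetup devices
+allow lvm_t self:key { search write };
 
 allow lvm_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow lvm_t clvmd_t:unix_stream_socket { connectto rw_socket_perms };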
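Review bot: The comment added above `allow lvm_t self:key { search write };` names what the rule unblocks but not why a volume-management domain needs kernel keyring access, unlike the AF_ALG comment two lines earlier, which names the kernel interface involved. Presumably this is cryptsetup handing the volume key to dm-crypt through the kernel keyring; if that is confirmed, the comment could read `# gt: cryptsetup passes the volume key to dm-crypt via the kernel keyring; limited to keys labelled lvm_t`. Because the rule is written on `lvm_t`, it applies to every program that runs in that domain and not only to cryptsetup, while the `self` target keeps it to keys the domain created itself; stating both in the comment would help a later least-privilege audit decide whether the grant is still needed. The surrounding run of `lvm_t` rules continues outside the hunk.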