Allow journald write to cgroup files

The commit addresses the following AVC denial: audit: type=1400 audit(1690227161.760:5): avc: denied { write } for pid=567 comm="systemd-journal" name="memory.pressure" dev="cgroup2" ino=1903 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=file permissive=1 Resolves: rhbz#2223218
fedora-selinux · Jul 26, 2023 · 45c3cb8 · 45c3cb8
1 parent 4da76ce
commit 45c3cb8
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
@@ -645,6 +645,7 @@ fs_getattr_all_fs(syslogd_t)
 fs_read_efivarfs_files(syslogd_t)
 fs_search_auto_mountpoints(syslogd_t)
 fs_list_cgroup_dirs(syslogd_t)
+fs_write_cgroup_files(syslogd_t)
 
 miscfiles_manage_generic_cert_files(syslogd_t)