selinux: Permit read access to /var/lib/flatpak

It's clearly quite important to have read access to /var/lib/flatpak and it's contents. This explicitly permits that to avoid running into SELinux denials. https://bugzilla.redhat.com/show_bug.cgi?id=2070741
2026-01-27 17:18:11 -05:00 · 2022-04-12 22:33:11 +02:00
parent f8a9153d0e
commit 8617ab0ad0
1 changed files with 2 additions and 0 deletions
--- a/selinux/flatpak.te
+++ b/selinux/flatpak.te
@@ -13,6 +13,8 @@ type flatpak_helper_exec_t;
 init_daemon_domain(flatpak_helper_t, flatpak_helper_exec_t)

 auth_read_passwd(flatpak_helper_t)
+files_list_var_lib(flatpak_helper_t)
+files_read_var_lib_files(flatpak_helper_t)

 ifdef(`corecmd_watch_bin_dirs',`
    corecmd_watch_bin_dirs(flatpak_helper_t)