From 8617ab0ad0243f5ae78f505041566b16d8bb45db Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 12 Apr 2022 22:33:11 +0200 Subject: [PATCH] selinux: Permit read access to /var/lib/flatpak It's clearly quite important to have read access to /var/lib/flatpak and it's contents. This explicitly permits that to avoid running into SELinux denials. https://bugzilla.redhat.com/show_bug.cgi?id=2070741 --- selinux/flatpak.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/selinux/flatpak.te b/selinux/flatpak.te index 0bb77631..e1fd4377 100644 --- a/selinux/flatpak.te +++ b/selinux/flatpak.te @@ -13,6 +13,8 @@ type flatpak_helper_exec_t; init_daemon_domain(flatpak_helper_t, flatpak_helper_exec_t) auth_read_passwd(flatpak_helper_t) +files_list_var_lib(flatpak_helper_t) +files_read_var_lib_files(flatpak_helper_t) ifdef(`corecmd_watch_bin_dirs',` corecmd_watch_bin_dirs(flatpak_helper_t)