> On Mon, Apr 13, 2020 at 6:56 PM Sreyan Chakravarty <sreyan32(a)gmail.com> > wrote: > > Hi, > > There has already been reported a bugzilla: > > https://bugzilla.redhat.com/show_bug.cgi?id=1797543 > > A new domain is needed to confine systemd-sleep. As a temporary workaround, > you can create a file with the following content: > > (allow init_t swapfile_t (file (getattr open read ioctl lock))) > > insert as a custom policy module: > > semodule -i local_init_swapfile.cil > > and then remove it once the policy is updated.
Can you please tell me what is the difference between your method and running: ausearch -c 'systemd-sleep' --raw | audit2allow -M my-systemdsleep semodule -X 300 -i my-systemdsleep.pp This seems to be more permissive compared to your workaround. Would I be correct ? _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
