Merge "Allow snapuserd to inotify watch /dev/socket."

commit: f855bc1231ce2688f3973b43a82b872e37786660 [log] [tgz]
author: David Anderson <dvander@google.com> Thu Aug 05 16:40:57 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Aug 05 16:40:57 2021 +0000
tree: 6342ac552fa46e72903477734400549a4cb9a768
parent: 1644afe507c8b2840ecc502dc8da6de7712e4570 [diff]
parent: 136b4ea8736a514f2d40582299db57c504fd0635 [diff]
diff --git a/private/snapuserd.te b/private/snapuserd.te
index 78f4d76..f24986c 100644
--- a/private/snapuserd.te
+++ b/private/snapuserd.te

@@ -42,7 +42,7 @@
 set_prop(snapuserd, snapuserd_prop)
 
 # For inotify watching for /dev/socket/snapuserd_proxy to appear.
-allow snapuserd tmpfs:dir read;
+allow snapuserd tmpfs:dir { read watch };
 
 # Forbid anything other than snapuserd and init setting snapuserd properties.
 neverallow {
commit	f855bc1231ce2688f3973b43a82b872e37786660	[log] [tgz]
author	David Anderson <dvander@google.com>	Thu Aug 05 16:40:57 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Aug 05 16:40:57 2021 +0000
tree	6342ac552fa46e72903477734400549a4cb9a768
parent	1644afe507c8b2840ecc502dc8da6de7712e4570 [diff]
parent	136b4ea8736a514f2d40582299db57c504fd0635 [diff]