https://bugzilla.redhat.com/show_bug.cgi?id=1550595
--- Comment #14 from Javier Martinez Canillas fmartine@redhat.com --- (In reply to dac.override from comment #13)
also this should be investigated reproduced:
https://github.com/tpm2-software/tpm2-abrmd/blob/1.x/selinux/tabrmd.te#L20
Its definitely not "rw_stream_socket_perms", if anything it is "unix_stream_socket { read write }" but even that should be clarified
Ah, I see. The rw_stream_socket_perms it's actually much more than just read and write by looking at its definition in selinux-policy. I think you are correct and unix_stream_socket { read write } should be enough.
What do you mean by clarified? That's the reason why we need this policy in the first place, it's needed after the following tpm2-abrmd commit:
https://github.com/tpm2-software/tpm2-abrmd/commit/51a3c55d772b