Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/
Date: Tue, 12 Dec 2017 07:59:15
Message-Id: 1513062386.e48cc818eaab15e5da207b91292d1f6314966912.perfinion@gentoo
commit: e48cc818eaab15e5da207b91292d1f6314966912
Author: David Sugar via refpolicy <refpolicy <AT> oss <DOT> tresys <DOT> com>
AuthorDate: Wed Dec 6 18:24:44 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Dec 12 07:06:26 2017 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e48cc818

Allow xdm_t to read /proc/sys/crypto/fips_enabled

type=AVC msg=audit(1512047222.742:53): avc: denied { search } for pid=1174 comm="lightdm-gtk-gre" name="crypto" dev="proc" ino=6218 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_crypto_t:s0 tclass=dir
type=AVC msg=audit(1512047222.742:53): avc: denied { read } for pid=1174 comm="lightdm-gtk-gre" name="fips_enabled" dev="proc" ino=6219 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_crypto_t:s0 tclass=file
type=AVC msg=audit(1512047222.742:53): avc: denied { open } for pid=1174 comm="lightdm-gtk-gre" path="/proc/sys/crypto/fips_enabled" dev="proc" ino=6219 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_crypto_t:s0 tclass=file
type=AVC msg=audit(1512047222.743:54): avc: denied { getattr } for pid=1174 comm="lightdm-gtk-gre" path="/proc/sys/crypto/fips_enabled" dev="proc" ino=6219 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_crypto_t:s0 tclass=file

Signed-off-by: Dave Sugar <dsugar <AT> tresys.com>

 policy/modules/services/xserver.te | 1 +
 1 file changed, 1 insertion(+)

20 diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
21 index c3380257..b512fbe7 100644
22 --- a/policy/modules/services/xserver.te
23 +++ b/policy/modules/services/xserver.te
24 @@ -391,6 +391,7 @@ manage_files_pattern(xdm_t, xserver_log_t, xserver_log_t)
25 manage_fifo_files_pattern(xdm_t, xserver_log_t, xserver_log_t)
26 logging_log_filetrans(xdm_t, xserver_log_t, file)
27
28 +kernel_read_crypto_sysctls(xdm_t)
29 kernel_read_system_state(xdm_t)
30 kernel_read_kernel_sysctls(xdm_t)
31 kernel_read_net_sysctls(xdm_t)
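
Review bot: the added kernel_read_crypto_sysctls(xdm_t) line at the head of the kernel_* block is named for the crypto sysctls as a class, whereas the four denials quoted in the commit message involve only the crypto directory (search) and fips_enabled (read, open, getattr), all with tcontext sysctl_crypto_t. Every denied permission is read-side and no write appears, so a read-only interface is the right scope; I would add a short policy comment above the line naming /proc/sys/crypto/fips_enabled as the reason, so the justification survives outside the commit log. The placement before kernel_read_system_state(xdm_t) is consistent with the neighbouring kernel_* lines, which are not sorted either.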