| 1 |
commit: 18d959895e154d12737bf1dae892e7f9a06f7011 |
| 2 |
Author: Antoine Tenart <antoine.tenart <AT> bootlin <DOT> com> |
| 3 |
AuthorDate: Thu Aug 13 08:49:41 2020 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Oct 11 21:00:05 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=18d95989 |
| 7 |
|
| 8 |
locallogin: allow login to get attributes of procfs |
| 9 |
|
| 10 |
Fixes: |
| 11 |
avc: denied { getattr } for pid=88 comm="login" name="/" dev="proc" |
| 12 |
ino=1 scontext=system_u:system_r:local_login_t |
| 13 |
tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 |
| 14 |
|
| 15 |
Signed-off-by: Antoine Tenart <antoine.tenart <AT> bootlin.com> |
| 16 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
| 17 |
|
| 18 |
policy/modules/system/locallogin.te | 1 + |
| 19 |
1 file changed, 1 insertion(+) |
| 20 |
|
| 21 |
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te |
| 22 |
index 0474c4ef..c0072289 100644 |
| 23 |
--- a/policy/modules/system/locallogin.te |
| 24 |
+++ b/policy/modules/system/locallogin.te |
| 25 |
@@ -59,6 +59,7 @@ kernel_read_system_state(local_login_t) |
| 26 |
kernel_read_kernel_sysctls(local_login_t) |
| 27 |
kernel_search_key(local_login_t) |
| 28 |
kernel_link_key(local_login_t) |
| 29 |
+kernel_getattr_proc(local_login_t) |
| 30 |
|
| 31 |
corecmd_list_bin(local_login_t) |
| 32 |
# cjp: these are probably not needed: |
Archives