1 |
commit: 18d959895e154d12737bf1dae892e7f9a06f7011 |
2 |
Author: Antoine Tenart <antoine.tenart <AT> bootlin <DOT> com> |
3 |
AuthorDate: Thu Aug 13 08:49:41 2020 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Oct 11 21:00:05 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=18d95989 |
7 |
|
8 |
locallogin: allow login to get attributes of procfs |
9 |
|
10 |
Fixes: |
11 |
avc: denied { getattr } for pid=88 comm="login" name="/" dev="proc" |
12 |
ino=1 scontext=system_u:system_r:local_login_t |
13 |
tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 |
14 |
|
15 |
Signed-off-by: Antoine Tenart <antoine.tenart <AT> bootlin.com> |
16 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
17 |
|
18 |
policy/modules/system/locallogin.te | 1 + |
19 |
1 file changed, 1 insertion(+) |
20 |
|
21 |
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te |
22 |
index 0474c4ef..c0072289 100644 |
23 |
--- a/policy/modules/system/locallogin.te |
24 |
+++ b/policy/modules/system/locallogin.te |
25 |
@@ -59,6 +59,7 @@ kernel_read_system_state(local_login_t) |
26 |
kernel_read_kernel_sysctls(local_login_t) |
27 |
kernel_search_key(local_login_t) |
28 |
kernel_link_key(local_login_t) |
29 |
+kernel_getattr_proc(local_login_t) |
30 |
|
31 |
corecmd_list_bin(local_login_t) |
32 |
# cjp: these are probably not needed: |