commit:     8a3ee1b331c4066f0ce3641fb5ca886f0c479650
Author:     Russell Coker <russell <AT> coker <DOT> com <DOT> au>
AuthorDate: Wed Aug 3 05:39:37 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:23:03 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8a3ee1b3
named reads vm sysctls On Wed, 3 Aug 2016 09:43:18 AM Chris PeBenito wrote: > > kernel_read_kernel_sysctls(named_t) > > > > +kernel_read_vm_sysctls(named_t) > > > > kernel_read_system_state(named_t) > > kernel_read_network_state(named_t) > > Yes, there is a kernel_read_vm_overcommit_sysctl(). I've attached a new patch. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ policy/modules/contrib/bind.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/contrib/bind.te b/policy/modules/contrib/bind.te index 2a72066..0683298 100644 --- a/policy/modules/contrib/bind.te +++ b/policy/modules/contrib/bind.te @@ -110,6 +110,7 @@ read_files_pattern(named_t, named_zone_t, named_zone_t) read_lnk_files_pattern(named_t, named_zone_t, named_zone_t) kernel_read_kernel_sysctls(named_t) +kernel_read_vm_overcommit_sysctl(named_t) kernel_read_system_state(named_t) kernel_read_network_state(named_t)
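Review bot: the subject line "named reads vm sysctls" is broader than what the added line after kernel_read_kernel_sysctls(named_t) actually grants, which is only kernel_read_vm_overcommit_sysctl(named_t). Since the quoted first revision used kernel_read_vm_sysctls(named_t) and was narrowed, the subject should say "named reads vm overcommit sysctl" so that anyone auditing the log for access granted to named_t does not assume read access to all vm sysctls. The message also gives no denial or reason for the access; a one-line note on what named reads at startup that needs this would make the rule easier to justify or remove later.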
