commit: 9fd7c1d7cd40977f22af7970e1d4d943912ed5d2 Author: David Sugar <dsugar <AT> tresys <DOT> com> AuthorDate: Wed Dec 6 18:23:41 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Tue Dec 12 07:07:30 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9fd7c1d7
Allow to read /proc/sys/crypto/fips_enabled Allow accountsd_t and policykitd_t to read /proc/sys/crypto/fips_enabled policy/modules/contrib/accountsd.te | 1 + policy/modules/contrib/policykit.te | 1 + 2 files changed, 2 insertions(+) diff --git a/policy/modules/contrib/accountsd.te b/policy/modules/contrib/accountsd.te index d435a2d6..f56058cc 100644 --- a/policy/modules/contrib/accountsd.te +++ b/policy/modules/contrib/accountsd.te @@ -30,6 +30,7 @@ manage_dirs_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t) manage_files_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t) files_var_lib_filetrans(accountsd_t, accountsd_var_lib_t, dir) +kernel_read_crypto_sysctls(accountsd_t) kernel_read_kernel_sysctls(accountsd_t) kernel_read_system_state(accountsd_t) diff --git a/policy/modules/contrib/policykit.te b/policy/modules/contrib/policykit.te index 9a0c4d5c..8f2035a0 100644 --- a/policy/modules/contrib/policykit.te +++ b/policy/modules/contrib/policykit.te @@ -85,6 +85,7 @@ can_exec(policykit_t, policykit_exec_t) domtrans_pattern(policykit_t, policykit_auth_exec_t, policykit_auth_t) domtrans_pattern(policykit_t, policykit_resolve_exec_t, policykit_resolve_t) +kernel_read_crypto_sysctls(policykit_t) kernel_read_kernel_sysctls(policykit_t) kernel_read_system_state(policykit_t)
