commit: 18d959895e154d12737bf1dae892e7f9a06f7011 Author: Antoine Tenart <antoine.tenart <AT> bootlin <DOT> com> AuthorDate: Thu Aug 13 08:49:41 2020 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Oct 11 21:00:05 2020 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=18d95989
locallogin: allow login to get attributes of procfs Fixes: avc: denied { getattr } for pid=88 comm="login" name="/" dev="proc" ino=1 scontext=system_u:system_r:local_login_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 Signed-off-by: Antoine Tenart <antoine.tenart <AT> bootlin.com> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/system/locallogin.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te index 0474c4ef..c0072289 100644 --- a/policy/modules/system/locallogin.te +++ b/policy/modules/system/locallogin.te @@ -59,6 +59,7 @@ kernel_read_system_state(local_login_t) kernel_read_kernel_sysctls(local_login_t) kernel_search_key(local_login_t) kernel_link_key(local_login_t) +kernel_getattr_proc(local_login_t) corecmd_list_bin(local_login_t) # cjp: these are probably not needed: