commit:     18d959895e154d12737bf1dae892e7f9a06f7011
Author:     Antoine Tenart <antoine.tenart <AT> bootlin <DOT> com>
AuthorDate: Thu Aug 13 08:49:41 2020 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Oct 11 21:00:05 2020 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=18d95989

locallogin: allow login to get attributes of procfs

Fixes:
avc:  denied  { getattr } for  pid=88 comm="login" name="/" dev="proc"
ino=1 scontext=system_u:system_r:local_login_t
tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1

Signed-off-by: Antoine Tenart <antoine.tenart <AT> bootlin.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/system/locallogin.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/locallogin.te 
b/policy/modules/system/locallogin.te
index 0474c4ef..c0072289 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -59,6 +59,7 @@ kernel_read_system_state(local_login_t)
 kernel_read_kernel_sysctls(local_login_t)
 kernel_search_key(local_login_t)
 kernel_link_key(local_login_t)
+kernel_getattr_proc(local_login_t)
 
 corecmd_list_bin(local_login_t)
 # cjp: these are probably not needed:
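
Review bot: the added kernel_getattr_proc(local_login_t) line at the end of the kernel_ block grants the access unconditionally, but the denial quoted in the commit message was logged with permissive=1, so it does not show that login fails without this rule in enforcing mode. Please say in the commit message which login operation needs getattr on the proc filesystem, or consider a dontaudit rule instead if the access turns out not to be required. The trailing context line "# cjp: these are probably not needed:" shows this file already carries rules of uncertain necessity, so a one-line comment beside the new rule stating why it is needed would help later audits of local_login_t.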
