commit: 55eca939543fc86c71b3b4843b6f72249fc5774d
Author: Corentin LABBE <clabbe.montjoie <AT> gmail <DOT> com>
AuthorDate: Wed Jan 25 20:33:13 2023 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Mon Feb 13 15:24:05 2023 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=55eca939
selinuxutil: permit run_init to read kernel sysctl When restarting services with run_init, I got some AVC due to run_init reading /proc/sys/kernel/cap_last_cap Signed-off-by: Corentin LABBE <clabbe.montjoie <AT> gmail.com> Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/system/selinuxutil.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 5c7c1aec2..a3ff73778 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -452,6 +452,8 @@ init_spec_domtrans_script(run_init_t) # for utmp init_rw_utmp(run_init_t) +kernel_read_kernel_sysctls(run_init_t) + logging_send_syslog_msg(run_init_t) miscfiles_read_localization(run_init_t)
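Review bot: the added kernel_read_kernel_sysctls(run_init_t) line has no comment saying why run_init_t needs it, although the init_rw_utmp(run_init_t) call directly above it is annotated with "# for utmp". The commit message gives one file, /proc/sys/kernel/cap_last_cap, as the trigger, while the interface name indicates read access to kernel sysctls in general. A comment such as "# for /proc/sys/kernel/cap_last_cap" above the new line would record why the wider grant was accepted. Quoting the AVC denial itself in the commit message would also let a reader confirm that the denied class and permissions are the ones this interface allows.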
