commit: 9139acd456b4a49f7d8286023ac6abc09725ccb7
Author: Yi Zhao <yi.zhao <AT> windriver <DOT> com>
AuthorDate: Wed Sep 20 06:43:34 2023 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Oct 6 15:27:06 2023 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9139acd4
loadkeys: do not audit attempts to get attributes for all directories
Fixes:
avc: denied { getattr } for pid=239 comm="loadkeys" path="/boot"
dev="vda" ino=15 scontext=system_u:system_r:loadkeys_t:s0-s15:c0.c1023
tcontext=system_u:object_r:boot_t:s0 tclass=dir permissive=1
avc: denied { getattr } for pid=239 comm="loadkeys" path="/home"
dev="vda" ino=806 scontext=system_u:system_r:loadkeys_t:s0-s15:c0.c1023
tcontext=system_u:object_r:home_root_t:s0-s15:c0.c1023 tclass=dir permissive=1
avc: denied { getattr } for pid=239 comm="loadkeys" path="/lost+found"
dev="vda" ino=11 scontext=system_u:system_r:loadkeys_t:s0-s15:c0.c1023
tcontext=system_u:object_r:lost_found_t:s15:c0.c1023 tclass=dir permissive=1
avc: denied { getattr } for pid=239 comm="loadkeys" path="/media"
dev="vda" ino=810 scontext=system_u:system_r:loadkeys_t:s0-s15:c0.c1023
tcontext=system_u:object_r:mnt_t:s0 tclass=dir permissive=1
Signed-off-by: Yi Zhao <yi.zhao <AT> windriver.com>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/apps/loadkeys.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te
index b9558dccc..56fb45114 100644
--- a/policy/modules/apps/loadkeys.te
+++ b/policy/modules/apps/loadkeys.te
@@ -35,6 +35,7 @@ files_read_usr_files(loadkeys_t)
files_search_runtime(loadkeys_t)
files_search_src(loadkeys_t)
files_search_tmp(loadkeys_t)
+files_dontaudit_getattr_all_dirs(loadkeys_t)
term_dontaudit_use_console(loadkeys_t)
term_use_unallocated_ttys(loadkeys_t)
