commit: 9139acd456b4a49f7d8286023ac6abc09725ccb7 Author: Yi Zhao <yi.zhao <AT> windriver <DOT> com> AuthorDate: Wed Sep 20 06:43:34 2023 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Fri Oct 6 15:27:06 2023 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9139acd4
loadkeys: do not audit attempts to get attributes for all directories Fixes: avc: denied { getattr } for pid=239 comm="loadkeys" path="/boot" dev="vda" ino=15 scontext=system_u:system_r:loadkeys_t:s0-s15:c0.c1023 tcontext=system_u:object_r:boot_t:s0 tclass=dir permissive=1 avc: denied { getattr } for pid=239 comm="loadkeys" path="/home" dev="vda" ino=806 scontext=system_u:system_r:loadkeys_t:s0-s15:c0.c1023 tcontext=system_u:object_r:home_root_t:s0-s15:c0.c1023 tclass=dir permissive=1 avc: denied { getattr } for pid=239 comm="loadkeys" path="/lost+found" dev="vda" ino=11 scontext=system_u:system_r:loadkeys_t:s0-s15:c0.c1023 tcontext=system_u:object_r:lost_found_t:s15:c0.c1023 tclass=dir permissive=1 avc: denied { getattr } for pid=239 comm="loadkeys" path="/media" dev="vda" ino=810 scontext=system_u:system_r:loadkeys_t:s0-s15:c0.c1023 tcontext=system_u:object_r:mnt_t:s0 tclass=dir permissive=1 Signed-off-by: Yi Zhao <yi.zhao <AT> windriver.com> Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/apps/loadkeys.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te index b9558dccc..56fb45114 100644 --- a/policy/modules/apps/loadkeys.te +++ b/policy/modules/apps/loadkeys.te @@ -35,6 +35,7 @@ files_read_usr_files(loadkeys_t) files_search_runtime(loadkeys_t) files_search_src(loadkeys_t) files_search_tmp(loadkeys_t) +files_dontaudit_getattr_all_dirs(loadkeys_t) term_dontaudit_use_console(loadkeys_t) term_use_unallocated_ttys(loadkeys_t)
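Review bot: The added `files_dontaudit_getattr_all_dirs(loadkeys_t)` suppresses getattr denials for loadkeys_t on every directory type, which is wider than the four targets quoted in the commit message (boot_t, home_root_t, lost_found_t and mnt_t, all on directories directly under `/`). The quoted AVC records were captured with permissive=1, so they show what loadkeys attempted rather than what it needs. Once the rule is in place, directory getattr attempts from this domain no longer leave AVC records in enforcing mode, and anyone triaging it has to rebuild the policy with dontaudit rules disabled (`semodule -DB`) to see them. A one-line comment above the rule would record that scope decision, for example `# getattr seen on /boot, /home, /lost+found and /media; access is not needed, silenced for all dirs`. If the all-directories scope is not intended, per-type dontaudit rules for the four observed types would keep other getattr denials visible; the surrounding policy block starts and ends outside the hunk.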