commit: 43e6ee5002b2242ddb58570dec2daef107d15dad Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> AuthorDate: Sat Jan 24 16:51:58 2015 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Sun Jan 25 13:42:52 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=43e6ee50
Fix bug #529420 - Allow all domains to read vm sysctls --- policy/modules/kernel/domain.te | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te index 3861c8e..451a1be 100644 --- a/policy/modules/kernel/domain.te +++ b/policy/modules/kernel/domain.te @@ -171,3 +171,13 @@ allow unconfined_domain_type domain:key *; # receive from all domains over labeled networking domain_all_recvfrom_all_domains(unconfined_domain_type) + +ifdef(`distro_gentoo',` + ######################################## + # + # Permissions for all domains + # + + # Bug 529420 + kernel_read_vm_sysctls(domain) +')
