commit: 3676555ed89c3a47ec1f553710f70bf547bd7245
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Thu Feb 22 17:00:55 2024 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Mar 1 17:05:57 2024 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=3676555e
consolesetup: update
AVC avc: denied { read } for pid=770 comm="mkdir" name="filesystems"
dev="proc" ino=4026532069 scontext=system_u:system_r:consolesetup_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/services/consolesetup.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/services/consolesetup.te
b/policy/modules/services/consolesetup.te
index 7756ef6c9..023ec5d23 100644
--- a/policy/modules/services/consolesetup.te
+++ b/policy/modules/services/consolesetup.te
@@ -37,6 +37,8 @@ files_runtime_filetrans(consolesetup_t,
consolesetup_runtime_t, dir, "console-se
manage_files_pattern(consolesetup_t, consolesetup_tmp_t, consolesetup_tmp_t)
files_tmp_filetrans(consolesetup_t, consolesetup_tmp_t, file)
+kernel_read_system_state(consolesetup_t)
+
corecmd_exec_bin(consolesetup_t)
corecmd_exec_shell(consolesetup_t)
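Review bot: The added `kernel_read_system_state(consolesetup_t)` grants more than the quoted denial needs. The AVC is a single `read` on the `proc_t` file `filesystems` by `mkdir`, whereas this interface (as defined in refpolicy's kernel module) allows reading generic `proc_t` files, directories and symlinks across /proc. The commit message does not say whether console setup actually failed under `permissive=0`. If the read is only a library probe that degrades gracefully (presumably libselinux checking /proc/filesystems; worth confirming), `kernel_dontaudit_read_system_state(consolesetup_t)` would silence the log without widening the domain. If the allow rule is kept, record the reason next to it for later least-privilege audits, e.g. `# mkdir reads /proc/filesystems`.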