commit: f6e3b01a354b974ffc259994385d03909c4be93e
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Thu Feb 22 17:00:42 2024 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Mar 1 17:05:47 2024 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f6e3b01a
userdom: permit reading PSI as admin
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/system/userdomain.if | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/userdomain.if
b/policy/modules/system/userdomain.if
index aadbe34c3..b87f6d48e 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1382,6 +1382,7 @@ template(`userdom_admin_user_template',`
kernel_change_ring_buffer_level($1_t)
kernel_clear_ring_buffer($1_t)
kernel_read_ring_buffer($1_t)
+ kernel_read_psi($1_t)
kernel_get_sysvipc_info($1_t)
kernel_rw_all_sysctls($1_t)
# signal unlabeled processes:
