On Mon, Oct 7, 2013 at 2:52 PM, Tai Nguyen (tainguye) <[email protected]>wrote:
> Hi, > > We have a server that needs to read the client /proc/<pid>/cmdline. > Currently, file /proc/<pid>/cmdline belong to the domain of the running > process. > Is there any way that we can have a generalized rule for that process so > that it can read all the /proc/<pid>/cmdline instead of creating rules for > every client domain? > > Thanks, > Tai > > I am not 100% sure I understand your use case... but you could do allow system_server domain:file r_file_perms; replace system_server with the domain that needs access. -- Respectfully, William C Roberts
