[selinux-policy: 2320/3172] Kdump reads the kernel core.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:25:59 UTC 2010
commit e21162e4711ef28736c4dfcd34c4bc318b097064
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Nov 25 10:04:40 2009 -0500
Kdump reads the kernel core.
policy/modules/kernel/kernel.if | 1 +
policy/modules/kernel/kernel.te | 2 +-
policy/modules/system/kdump.te | 3 ++-
3 files changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index f8fad77..8a970d5 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -974,6 +974,7 @@ interface(`kernel_read_core_if',`
attribute can_dump_kernel;
')
+ allow $1 self:capability sys_rawio;
read_files_pattern($1, proc_t, proc_kcore_t)
list_dirs_pattern($1, proc_t, proc_t)
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 42a4d05..400bee5 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
-policy_module(kernel, 1.11.1)
+policy_module(kernel, 1.11.2)
########################################
#
diff --git a/policy/modules/system/kdump.te b/policy/modules/system/kdump.te
index a5a7526..fe64278 100644
--- a/policy/modules/system/kdump.te
+++ b/policy/modules/system/kdump.te
@@ -1,5 +1,5 @@
-policy_module(kdump, 1.0.0)
+policy_module(kdump, 1.0.1)
#######################################
#
@@ -29,6 +29,7 @@ files_read_etc_runtime_files(kdump_t)
files_read_kernel_img(kdump_t)
kernel_read_system_state(kdump_t)
+kernel_read_core_if(kdump_t)
dev_read_framebuffer(kdump_t)
dev_read_sysfs(kdump_t)
More information about the scm-commits
mailing list