[selinux-policy/master_contrib: 19/47] Allow certwatch to read meminfo
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Jan 16 13:32:06 UTC 2013
commit 3e679e495efe279c4e649cac79691f3d90198cff
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Mon Jan 14 11:03:11 2013 +0100
Allow certwatch to read meminfo
certwatch.te | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/certwatch.te b/certwatch.te
index fd3cbaf..7c0b1be 100644
--- a/certwatch.te
+++ b/certwatch.te
@@ -21,6 +21,8 @@ role certwatch_roles types certwatch_t;
allow certwatch_t self:capability sys_nice;
allow certwatch_t self:process { setsched getsched };
+kernel_read_system_state(certwatch_t)
+
dev_read_rand(certwatch_t)
dev_read_urand(certwatch_t)
More information about the scm-commits
mailing list