[selinux-policy: 87/3172] add ignore read system state

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:12:40 UTC 2010


commit 67484fced40f7e9c56343fee09437d9608b319a1
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon May 2 18:42:33 2005 +0000

    add ignore read system state

 refpolicy/policy/modules/kernel/kernel.if |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index 47f3ef6..05e5e5d 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -418,6 +418,20 @@ class lnk_file { getattr read };
 class file { getattr read };
 ')
 
+########################################
+#
+# kernel_ignore_read_system_state(domain)
+#
+define(`kernel_ignore_read_system_state',`
+requires_block_template(kernel_ignore_read_system_state_depend)
+allow $1 proc_t:file read;
+')
+
+ifdef(`kernel_ignore_read_system_state_depend',`
+type proc_t;
+class file read;
+')
+
 #######################################
 #
 # kernel_read_software_raid_state(domain,[`optional'])
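Review bot: The body of the new `kernel_ignore_read_system_state` interface is `allow $1 proc_t:file read;`, so it grants the calling domain read access to `proc_t` files instead of ignoring the access as the name implies. If the intent is to silence denials for domains that should not have this permission, the rule should be `dontaudit $1 proc_t:file read;`. As written, any policy module calling it to quiet audit noise would widen the domain's access instead. Separately, the dependency block opens with `ifdef(` although `requires_block_template` names `kernel_ignore_read_system_state_depend` as a macro, so `define(` looks like what was meant. That second point is inferred from the name only, because the neighbouring depend blocks begin outside the hunk.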

