[selinux-policy: 3026/3172] The ps_process_pattern includes permission to get attributes of target domain.

Thu Oct 7 23:29:14 UTC 2010

commit 86f9f966643f44a30bf75f4774f0e330b4efbc7d
Author: Dominick Grift <domg472 at gmail.com>
Date:   Fri Sep 17 13:28:50 2010 +0200

    The ps_process_pattern includes permission to get attributes of target domain.

 policy/modules/services/apache.if |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---

diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index 0a57cca..854d78d 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -1322,7 +1322,7 @@ interface(`apache_admin',`
 		type httpd_suexec_tmp_t, httpd_tmp_t;
 	')
 
-	allow $1 httpd_t:process { getattr ptrace signal_perms };
+	allow $1 httpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, httpd_t)
 
 	init_labeled_script_domtrans($1, httpd_initrc_exec_t)
