diff options
| author |   Luis Ressel <aranea@aixah.de> | 2016-12-06 23:49:02 +0100 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2016-12-08 12:45:02 +0800 |
| commit | e52d67f09e996710fb8f6a8c9e37843788269b46 (patch) | |
| tree | 84344a35c9aa0ef0b1f1a7c291e270ae75e06792 | |
| parent | Module version bumps for openoffice patches from Guido Trentalancia. (diff) | |
| download | hardened-refpolicy-e52d67f09e996710fb8f6a8c9e37843788269b46.tar.gz hardened-refpolicy-e52d67f09e996710fb8f6a8c9e37843788269b46.tar.bz2 hardened-refpolicy-e52d67f09e996710fb8f6a8c9e37843788269b46.zip | |
kernel.if: Allow listing /proc/sys/net/unix
The kernel_read_unix_sysctls() and kernel_rw_unix_sysctls() currenly
don't allow listing the /proc/sys/net/unix directory, contrary to the
other sysctl interfaces.
| -rw-r--r-- | policy/modules/kernel/kernel.if | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index 5af202ce..29709dfb 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -1758,7 +1758,7 @@ interface(`kernel_read_unix_sysctls',` read_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t) - list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t) + list_dirs_pattern($1, { proc_t sysctl_t }, { sysctl_net_t sysctl_net_unix_t }) ') ######################################## @@ -1780,7 +1780,7 @@ interface(`kernel_rw_unix_sysctls',` rw_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t) - list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t) + list_dirs_pattern($1, { proc_t sysctl_t }, { sysctl_net_t sysctl_net_unix_t }) ') ######################################## |