diff options
| author |   Jason Zaman <jason@perfinion.com> | 2019-01-12 16:03:41 +0800 |
|---|---|---|
| committer | Jason Zaman <jason@perfinion.com> | 2019-02-10 12:11:25 +0800 |
| commit | 136b8a2b8c1ea3bb501b668de7401e01a87e780b (patch) | |
| tree | f17ca938689a1dac3b087deb587d1de5b25e6b56 | |
| parent | devices: introduce dev_dontaudit_read_sysfs (diff) | |
| download | hardened-refpolicy-136b8a2b.tar.gz hardened-refpolicy-136b8a2b.tar.bz2 hardened-refpolicy-136b8a2b.zip | |
files: introduce files_dontaudit_read_etc_files
Signed-off-by: Jason Zaman <jason@perfinion.com>
| -rw-r--r-- | policy/modules/kernel/files.if | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 4920809d..0ace4966 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -3407,6 +3407,25 @@ interface(`files_dontaudit_read_etc_runtime_files',` ######################################## ## <summary> +## Do not audit attempts to read files +## in /etc +## </summary> +## <param name="domain"> +## <summary> +## Domain to not audit. +## </summary> +## </param> +# +interface(`files_dontaudit_read_etc_files',` + gen_require(` + type etc_t; + ') + + dontaudit $1 etc_t:file { getattr read }; +') + +######################################## +## <summary> ## Do not audit attempts to write ## etc runtime files. ## </summary> |