author | Jason Zaman <jason@perfinion.com> | 2019-01-12 16:03:42 +0800 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2019-02-10 12:11:25 +0800 |
commit | f2e3f0187d67264d9511dbbdbc3b40d898ac9eed (patch) | |
tree | 61e1d9869f1c4c572f6ea4b0bb6214afc457d324 | |
parent | files: introduce files_dontaudit_read_etc_files (diff) | |
kernel: introduce kernel_dontaudit_read_kernel_sysctl
Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r-- | policy/modules/kernel/kernel.if | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index 5afc4802..de5ee946 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -2012,6 +2012,24 @@ interface(`kernel_dontaudit_search_kernel_sysctl',` dontaudit $1 sysctl_kernel_t:dir search; ') +####################################### +## <summary> +## Do not audit attempted reading of kernel sysctls +## </summary> +## <param name="domain"> +## <summary> +## Domain to not audit accesses from +## </summary> +## </param> +# +interface(`kernel_dontaudit_read_kernel_sysctl',` + gen_require(` + type sysctl_kernel_t; + ') + + dontaudit $1 sysctl_kernel_t:file read_file_perms; +') + ######################################## ## <summary> ## Read generic crypto sysctls. |
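Review bot: The new `kernel_dontaudit_read_kernel_sysctl` interface only suppresses the file class (`dontaudit $1 sysctl_kernel_t:file read_file_perms;`), so a domain that is also denied search on the containing directory will still log a `sysctl_kernel_t:dir` denial before the file read is ever attempted. Either add the directory rule that the preceding `kernel_dontaudit_search_kernel_sysctl` context shows (`dontaudit $1 sysctl_kernel_t:dir search;`) to this interface, or state in the summary that callers are expected to pair the two. Because dontaudit rules hide denials from the audit log, the commit message would also benefit from naming the caller and the access being silenced so the suppression can be reviewed later. Minor style point: the two added `<summary>` texts have no trailing period, while the following context block ("Read generic crypto sysctls.") does.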