authorLuis Ressel <aranea@aixah.de>2017-11-15 08:10:14 +0100
committerJason Zaman <jason@perfinion.com>2017-12-12 15:03:03 +0800
commitb8e5cc37b86c861cd62c248953e342d424fe3252 (patch)
tree5863247c75ca6a0827c9f6a82ef9a24f89f2cba2 /policy/modules/system/locallogin.te
parentMerge upstream (diff)
locallogin: Grant local_login_t the dac_read_search capability
It already has dac_override, and depending on the pam modules being used, this may actually be necessary. Due to the 4.13 changes, I'm now getting dac_read_search denials.
Diffstat (limited to 'policy/modules/system/locallogin.te')
-rw-r--r--policy/modules/system/locallogin.te2
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index c8ef15cef..d2cabe0e2 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -32,7 +32,7 @@ role system_r types sulogin_t;
# Local login local policy
#
-allow local_login_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
+allow local_login_t self:capability { chown dac_read_search dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
dontaudit local_login_t self:capability net_admin;
allow local_login_t self:process { setexec setrlimit setsched };
allow local_login_t self:fd use;
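Review bot: The new `allow local_login_t self:capability` rule has no comment saying why dac_read_search is listed next to dac_override, so a later least-privilege cleanup could drop it as redundant and bring the denials back. I would add a line above the rule such as `# dac_read_search: requested before dac_override on kernels >= 4.13 (seen with some PAM modules)`. Because dac_override already covers the read and search bypass, this grant does not appear to widen what local_login_t can do. It would still be worth checking the audit logs to see whether dac_override itself is still exercised now that the narrower capability is allowed. If it is not, it may be a candidate for removal in a follow-up.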