From: dominick.grift@gmail.com (grift)
Date: Mon, 17 Dec 2012 21:41:55 +0100
Subject: [refpolicy] [PATCH 6/9] Allow networkmanager_t to read
 crypto_sysctl_t
In-Reply-To: <1355774297-13606-6-git-send-email-bigon@debian.org>
References: <1355774297-13606-1-git-send-email-bigon@debian.org>
	<1355774297-13606-6-git-send-email-bigon@debian.org>
Message-ID: <1355776915.2269.18.camel@localhost>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2012-12-17 at 20:58 +0100, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
> 

This was merged, thanks
> nm-openvpn-service is started in the networkmanager_t context, if it's
> compiled with gnutls instead openssl, the library will read
> /proc/sys/crypto/fips_enabled
> ---
>  networkmanager.te |    1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/networkmanager.te b/networkmanager.te
> index ebaea1d..e96e750 100644
> --- a/networkmanager.te
> +++ b/networkmanager.te
> @@ -83,6 +83,7 @@ files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_
>  
>  can_exec(NetworkManager_t, { NetworkManager_exec_t wpa_cli_exec_t NetworkManager_tmp_t })
>  
> +kernel_read_crypto_sysctls(NetworkManager_t)
>  kernel_read_system_state(NetworkManager_t)
>  kernel_read_network_state(NetworkManager_t)
>  kernel_read_kernel_sysctls(NetworkManager_t)