From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 3 Dec 2013 08:48:19 -0500 Subject: [refpolicy] [PATCH 05/39] authlogin: unix_chkpwd traverses / on sysfs device on Debian In-Reply-To: <1383990320-3340-5-git-send-email-dominick.grift@gmail.com> References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> <1383990320-3340-5-git-send-email-dominick.grift@gmail.com> Message-ID: <529DE123.5040509@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/09/13 04:44, Dominick Grift wrote: > Signed-off-by: Dominick Grift > --- > policy/modules/system/authlogin.te | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te > index 09b791d..367e920 100644 > --- a/policy/modules/system/authlogin.te > +++ b/policy/modules/system/authlogin.te > @@ -105,6 +105,7 @@ domain_dontaudit_use_interactive_fds(chkpwd_t) > > dev_read_rand(chkpwd_t) > dev_read_urand(chkpwd_t) > +dev_search_sysfs(chkpwd_t) > > files_read_etc_files(chkpwd_t) > # for nscd Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com