From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 3 Dec 2013 08:48:19 -0500
Subject: [refpolicy] [PATCH 05/39] authlogin: unix_chkpwd traverses / on
 sysfs device on Debian
In-Reply-To: <1383990320-3340-5-git-send-email-dominick.grift@gmail.com>
References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com>
	<1383990320-3340-5-git-send-email-dominick.grift@gmail.com>
Message-ID: <529DE123.5040509@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/09/13 04:44, Dominick Grift wrote:
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> ---
>  policy/modules/system/authlogin.te | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
> index 09b791d..367e920 100644
> --- a/policy/modules/system/authlogin.te
> +++ b/policy/modules/system/authlogin.te
> @@ -105,6 +105,7 @@ domain_dontaudit_use_interactive_fds(chkpwd_t)
>  
>  dev_read_rand(chkpwd_t)
>  dev_read_urand(chkpwd_t)
> +dev_search_sysfs(chkpwd_t)
>  
>  files_read_etc_files(chkpwd_t)
>  # for nscd
 
Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com