From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 3 Dec 2013 08:48:42 -0500 Subject: [refpolicy] [PATCH 06/39] setrans: mcstransd reads filesystems file in /proc In-Reply-To: <1383990320-3340-6-git-send-email-dominick.grift@gmail.com> References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> <1383990320-3340-6-git-send-email-dominick.grift@gmail.com> Message-ID: <529DE13A.6000708@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/09/13 04:44, Dominick Grift wrote: > Signed-off-by: Dominick Grift > --- > policy/modules/system/setrans.te | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te > index 1447687..8e1e27d 100644 > --- a/policy/modules/system/setrans.te > +++ b/policy/modules/system/setrans.te > @@ -50,7 +50,7 @@ manage_sock_files_pattern(setrans_t, setrans_var_run_t, setrans_var_run_t) > files_pid_filetrans(setrans_t, setrans_var_run_t, { file dir }) > > kernel_read_kernel_sysctls(setrans_t) > -kernel_read_proc_symlinks(setrans_t) > +kernel_read_system_state(setrans_t) > > # allow performing getpidcon() on all processes > domain_read_all_domains_state(setrans_t) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com