From: russell@coker.com.au (Russell Coker)
Date: Sun, 31 Jul 2016 19:27:09 +1000
Subject: [refpolicy]   [PATCH] rpcbind needs to read sysfs
Message-ID: <20160731092708.r3otc6nhhe5keo4w@athena.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Tiny patch for rpcbind to read sysfs.


diff -ruN /home/rjc/src/pol-git/policy/modules/contrib/rpcbind.te ./policy/modules/contrib/rpcbind.te
--- /home/rjc/src/pol-git/policy/modules/contrib/rpcbind.te	2016-07-30 08:14:41.145651133 +1000
+++ ./policy/modules/contrib/rpcbind.te	2016-07-31 19:26:02.416587318 +1000
@@ -39,6 +39,9 @@
 manage_sock_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
 files_var_lib_filetrans(rpcbind_t, rpcbind_var_lib_t, { file dir sock_file })
 
+# for /sys/devices/system/cpu/online
+dev_read_sysfs(rpcbind_t)
+
 kernel_read_system_state(rpcbind_t)
 kernel_read_network_state(rpcbind_t)
 kernel_request_load_module(rpcbind_t)