From: dsugar@tresys.com (David Sugar) Date: Wed, 6 Dec 2017 18:23:41 +0000 Subject: [refpolicy] [PATCH 1/1] Allow to read /proc/sys/crypto/fips_enabled Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Allow accountsd_t and policykitd_t to read /proc/sys/crypto/fips_enabled --- accountsd.te | 1 + policykit.te | 1 + 2 files changed, 2 insertions(+) diff --git a/accountsd.te b/accountsd.te index d435a2d..f56058c 100644 --- a/accountsd.te +++ b/accountsd.te @@ -30,6 +30,7 @@ manage_dirs_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t) manage_files_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t) files_var_lib_filetrans(accountsd_t, accountsd_var_lib_t, dir) +kernel_read_crypto_sysctls(accountsd_t) kernel_read_kernel_sysctls(accountsd_t) kernel_read_system_state(accountsd_t) diff --git a/policykit.te b/policykit.te index 9a0c4d5..8f2035a 100644 --- a/policykit.te +++ b/policykit.te @@ -85,6 +85,7 @@ can_exec(policykit_t, policykit_exec_t) domtrans_pattern(policykit_t, policykit_auth_exec_t, policykit_auth_t) domtrans_pattern(policykit_t, policykit_resolve_exec_t, policykit_resolve_t) +kernel_read_crypto_sysctls(policykit_t) kernel_read_kernel_sysctls(policykit_t) kernel_read_system_state(policykit_t) -- 2.13.6