From: pebenito@ieee.org (Chris PeBenito) Date: Thu, 7 Dec 2017 18:53:33 -0500 Subject: [refpolicy] [PATCH 1/1] Allow to read /proc/sys/crypto/fips_enabled In-Reply-To: References: Message-ID: <70a62a4e-7f70-8ae1-487e-46adc33b2858@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/06/2017 01:23 PM, David Sugar via refpolicy wrote: > Allow accountsd_t and policykitd_t to read /proc/sys/crypto/fips_enabled > --- > accountsd.te | 1 + > policykit.te | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/accountsd.te b/accountsd.te > index d435a2d..f56058c 100644 > --- a/accountsd.te > +++ b/accountsd.te > @@ -30,6 +30,7 @@ manage_dirs_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t) > manage_files_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t) > files_var_lib_filetrans(accountsd_t, accountsd_var_lib_t, dir) > > +kernel_read_crypto_sysctls(accountsd_t) > kernel_read_kernel_sysctls(accountsd_t) > kernel_read_system_state(accountsd_t) > > diff --git a/policykit.te b/policykit.te > index 9a0c4d5..8f2035a 100644 > --- a/policykit.te > +++ b/policykit.te > @@ -85,6 +85,7 @@ can_exec(policykit_t, policykit_exec_t) > domtrans_pattern(policykit_t, policykit_auth_exec_t, policykit_auth_t) > domtrans_pattern(policykit_t, policykit_resolve_exec_t, policykit_resolve_t) > > +kernel_read_crypto_sysctls(policykit_t) > kernel_read_kernel_sysctls(policykit_t) > kernel_read_system_state(policykit_t) Merged. -- Chris PeBenito