diff options
| author |   Christian Göttsche <cgzones@googlemail.com> | 2024-02-22 18:00:42 +0100 |
|---|---|---|
| committer |   Kenton Groombridge <concord@gentoo.org> | 2024-03-01 12:05:47 -0500 |
| commit | f6e3b01a354b974ffc259994385d03909c4be93e (patch) | |
| tree | 3af8a1cbeb1cb090e32cb5038e26958d91ea0222 | |
| parent | selinuxutil: ignore getattr proc in newrole (diff) | |
| download | hardened-refpolicy-f6e3b01a354b974ffc259994385d03909c4be93e.tar.gz hardened-refpolicy-f6e3b01a354b974ffc259994385d03909c4be93e.tar.bz2 hardened-refpolicy-f6e3b01a354b974ffc259994385d03909c4be93e.zip | |
userdom: permit reading PSI as admin
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
| -rw-r--r-- | policy/modules/system/userdomain.if | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index aadbe34c3..b87f6d48e 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -1382,6 +1382,7 @@ template(`userdom_admin_user_template',` kernel_change_ring_buffer_level($1_t) kernel_clear_ring_buffer($1_t) kernel_read_ring_buffer($1_t) + kernel_read_psi($1_t) kernel_get_sysvipc_info($1_t) kernel_rw_all_sysctls($1_t) # signal unlabeled processes: |