Fix bug #529420 - Allow all domains to read vm sysctls

author: Sven Vermeulen <sven.vermeulen@siphos.be> 2015-01-24 17:51:58 +0100
committer: Sven Vermeulen <sven.vermeulen@siphos.be> 2015-01-25 14:42:52 +0100
commit: 43e6ee5002b2242ddb58570dec2daef107d15dad (patch)
tree: 6959f4907306c0cbdb4238053b9eb4b28b7c93a7
parent: mysql: mysql_install_db fcontext (diff)
download: hardened-refpolicy-43e6ee5002b2242ddb58570dec2daef107d15dad.tar.gz
hardened-refpolicy-43e6ee5002b2242ddb58570dec2daef107d15dad.tar.bz2
hardened-refpolicy-43e6ee5002b2242ddb58570dec2daef107d15dad.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index 3861c8ef..451a1be5 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -171,3 +171,13 @@ allow unconfined_domain_type domain:key *;
 
 # receive from all domains over labeled networking
 domain_all_recvfrom_all_domains(unconfined_domain_type)
+
+ifdef(`distro_gentoo',`
+	########################################
+	#
+	# Permissions for all domains
+	#
+
+	# Bug 529420
+	kernel_read_vm_sysctls(domain)
+')
author	Sven Vermeulen <sven.vermeulen@siphos.be>	2015-01-24 17:51:58 +0100
committer	Sven Vermeulen <sven.vermeulen@siphos.be>	2015-01-25 14:42:52 +0100
commit	43e6ee5002b2242ddb58570dec2daef107d15dad (patch)
tree	6959f4907306c0cbdb4238053b9eb4b28b7c93a7
parent	mysql: mysql_install_db fcontext (diff)
download	hardened-refpolicy-43e6ee5002b2242ddb58570dec2daef107d15dad.tar.gz hardened-refpolicy-43e6ee5002b2242ddb58570dec2daef107d15dad.tar.bz2 hardened-refpolicy-43e6ee5002b2242ddb58570dec2daef107d15dad.zip