diff options
author | Christian Göttsche <cgzones@googlemail.com> | 2024-02-22 18:00:42 +0100 |
---|---|---|
committer | Kenton Groombridge <concord@gentoo.org> | 2024-03-01 12:05:47 -0500 |
commit | f6e3b01a354b974ffc259994385d03909c4be93e (patch) | |
tree | 3af8a1cbeb1cb090e32cb5038e26958d91ea0222 /policy | |
parent | selinuxutil: ignore getattr proc in newrole (diff) | |
download | hardened-refpolicy-f6e3b01a354b974ffc259994385d03909c4be93e.tar.gz hardened-refpolicy-f6e3b01a354b974ffc259994385d03909c4be93e.tar.bz2 hardened-refpolicy-f6e3b01a354b974ffc259994385d03909c4be93e.zip |
userdom: permit reading PSI as admin
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Diffstat (limited to 'policy')
-rw-r--r-- | policy/modules/system/userdomain.if | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index aadbe34c3..b87f6d48e 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -1382,6 +1382,7 @@ template(`userdom_admin_user_template',` kernel_change_ring_buffer_level($1_t) kernel_clear_ring_buffer($1_t) kernel_read_ring_buffer($1_t) + kernel_read_psi($1_t) kernel_get_sysvipc_info($1_t) kernel_rw_all_sysctls($1_t) # signal unlabeled processes: |