From 9343914c0486b5aa6ff7cceeb8f6c399115e5fb3 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Tue, 30 Jun 2020 10:18:20 +0800 Subject: [PATCH] policy/modules/admin/dmesg: make dmesg_t MLS trusted reading from files up to its clearance Fixes: avc: denied { read } for pid=255 comm="dmesg" name="kmsg" dev="devtmpfs" ino=10032 scontext=system_u:system_r:dmesg_t:s0-s15:c0.c1023 tcontext=system_u:object_r:kmsg_device_t:s15:c0.c1023 tclass=chr_file permissive=0 Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Yi Zhao --- policy/modules/admin/dmesg.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te index f1da315a9..89478c38e 100644 --- a/policy/modules/admin/dmesg.te +++ b/policy/modules/admin/dmesg.te @@ -52,6 +52,8 @@ miscfiles_read_localization(dmesg_t) userdom_dontaudit_use_unpriv_user_fds(dmesg_t) userdom_use_user_terminals(dmesg_t) +mls_file_read_to_clearance(dmesg_t) + optional_policy(` seutil_sigchld_newrole(dmesg_t) ') -- 2.25.1