Signed-off-by: Jason Zaman <jason@xxxxxxxxxxxxx>
---
 policy/modules/kernel/kernel.if | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 843b26e3..1ad282aa 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -2012,6 +2012,24 @@ interface(`kernel_dontaudit_search_kernel_sysctl',`
 dontaudit $1 sysctl_kernel_t:dir search;
 ')
 
+#######################################
+## <summary>
+## Do not audit attempted reading of kernel sysctls
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit accesses from
+## </summary>
+## </param>
+#
+interface(`kernel_dontaudit_read_kernel_sysctl',`
+ gen_require(`
+ type sysctl_kernel_t;
+ ')
+
+ dontaudit $1 sysctl_kernel_t:file read_file_perms;
+')
+
 ########################################
 ## <summary>
 ## Read generic crypto sysctls.
-- 
2.19.2
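Review bot: The new `kernel_dontaudit_read_kernel_sysctl` interface silences only `sysctl_kernel_t:file read_file_perms`, so its summary should state that directory-search denials on the path to the file are still logged unless the caller also uses `kernel_dontaudit_search_kernel_sysctl`, whose tail is visible in the leading context. I would word the summary as `## Do not audit attempts to read kernel sysctl files (directory search denials are not covered).` Because a dontaudit rule removes these AVC denials from the audit log, the comment should also remind callers to use it only for domains whose reads are known noise; anyone investigating such a domain later has to rebuild with dontaudit rules disabled (`semodule -DB`) to see the accesses. Minor style: the `#` bar on the first added line appears one character shorter than the bar in the trailing context, and the summary lacks the final period that `Read generic crypto sysctls.` has.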