On 12/6/19 2:25 PM, Lawrence, Stephen wrote:
---
policy/modules/system/miscfiles.if | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index df11794a..4ff82afb 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -107,6 +107,7 @@ interface(`miscfiles_read_all_certs',`
allow $1 cert_type:dir list_dir_perms;
read_files_pattern($1, cert_type, cert_type)
+ allow $1 cert_type:file map;
read_lnk_files_pattern($1, cert_type, cert_type)
')
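Review bot: The added `allow $1 cert_type:file map;` in `miscfiles_read_all_certs` hands the map permission on every type in the `cert_type` attribute to every domain that already calls this interface, including callers that only open and read certificates. Nothing in the hunk ties the rule to a specific caller that needs it. Consider leaving this interface read-only and putting the rule in a separate interface (map-only, or read plus map) that the domains that actually mmap certificate files call explicitly.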
@@ -128,6 +129,7 @@ interface(`miscfiles_read_generic_certs',`
allow $1 cert_t:dir list_dir_perms;
read_files_pattern($1, cert_t, cert_t)
+ allow $1 cert_t:file map;
read_lnk_files_pattern($1, cert_t, cert_t)
')
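Review bot: In `miscfiles_read_generic_certs`, the new `allow $1 cert_t:file map;` has the same scope problem for `cert_t`: the grant reaches all existing callers rather than the one domain that hit the denial. If a separate interface is introduced for the `cert_type` case, add a matching one for `cert_t` so the existing all/generic split is kept, and drop this line from the read interface. A short interface comment stating that it permits memory-mapping certificate files would make the difference from the plain read interface visible to policy writers.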
Needs a separate map or mmap_read interface. I'm not aware of all cert
reading requiring mmap.
--
Chris PeBenito