On Wed, 27 Nov 2019, Stephen Smalley wrote:
> avc: denied { confidentiality } for pid=4628 comm="cp"
> lockdown_reason="/proc/kcore access"
> scontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023
> tclass=lockdown permissive=0
>
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---
> include/linux/lsm_audit.h | 2 ++
> include/linux/security.h | 2 ++
> security/lockdown/lockdown.c | 24 -----------------------
> security/lsm_audit.c | 5 +++++
> security/security.c | 30 +++++++++++++++++++++++++++++
> security/selinux/hooks.c | 30 +++++++++++++++++++++++++++++
> security/selinux/include/classmap.h | 2 ++
> 7 files changed, 71 insertions(+), 24 deletions(-)
LGTM.
Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>
--
James Morris
<jmorris@xxxxxxxxx>
