dontaudit $1 proc_type:file getattr;
')
+########################################
+## <summary>
+## Allow attempts to read all proc types.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`kernel_read_all_proc',`
+ gen_require(`
+ attribute proc_type;
+ ')
+
+ read_files_pattern($1, proc_type, proc_type)
+')
+
########################################
## <summary>
## Do not audit attempts by caller to search
kernel_read_fs_sysctls(snmpd_t)
kernel_read_net_sysctls(snmpd_t)
kernel_read_proc_symlinks(snmpd_t)
-kernel_read_system_state(snmpd_t)
-kernel_read_network_state(snmpd_t)
+kernel_read_all_proc(snmpd_t)
corecmd_exec_bin(snmpd_t)
corecmd_exec_shell(snmpd_t)