Latest useradd lists all devices in /dev and looks at kernel proc_core_t

author Dan Walsh <dwalsh@redhat.com>

Thu, 14 Jul 2011 17:37:04 +0000 (13:37 -0400)

committer Dan Walsh <dwalsh@redhat.com>

Thu, 14 Jul 2011 17:37:04 +0000 (13:37 -0400)
author Dan Walsh <dwalsh@redhat.com>
Thu, 14 Jul 2011 17:37:04 +0000 (13:37 -0400)
committer Dan Walsh <dwalsh@redhat.com>
Thu, 14 Jul 2011 17:37:04 +0000 (13:37 -0400)
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te

index 4e2205cedd7593e85da763ca8acf0ac04227401a..233bbc6281a437fb1cdf032091b22091e3aab24d 100644 (file)
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -450,6 +450,9 @@ corecmd_exec_shell(useradd_t)
  # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
  corecmd_exec_bin(useradd_t)
  
+kernel_getattr_core_if(useradd_t)
+dev_dontaudit_getattr_all(useradd_t)
+
  domain_use_interactive_fds(useradd_t)
  domain_read_all_domains_state(useradd_t)
author	Dan Walsh <dwalsh@redhat.com>
	Thu, 14 Jul 2011 17:37:04 +0000 (13:37 -0400)
committer	Dan Walsh <dwalsh@redhat.com>
	Thu, 14 Jul 2011 17:37:04 +0000 (13:37 -0400)