From 44a5636ce1fb9d8d306fe49b821b84114ab28746 Mon Sep 17 00:00:00 2001
From: Patrik Koncity <pkoncity@redhat.com>
Date: Fri, 21 Aug 2020 15:47:20 +0200
Reference: https://github.com/fedora-selinux/selinux-policy/commit/44a5636ce1fb9d8d306fe49b821b84114ab28746
Conflict: NA
Subject: [PATCH] Allow passwd to get attributes in proc_t

Add interface kernel_getattr_proc() to passwd policy.
This macro allow paswd get attributes on filesystem /proc.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1858738
---
 policy/modules/admin/usermanage.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 262f01e..16b43b6 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -332,6 +332,7 @@ allow passwd_t crack_db_t:dir list_dir_perms;
 read_files_pattern(passwd_t, crack_db_t, crack_db_t)
 
 kernel_read_kernel_sysctls(passwd_t)
+kernel_getattr_proc(passwd_t)
 
 # for SSP
 dev_read_urand(passwd_t)
-- 
1.8.3.1