Resolve neverallow failure introduced in #273

Signed-off-by: Dave Sugar <dsugar@tresys.com>
2020-06-17 14:19:58 -04:00 · 2020-06-17 14:19:58 -04:00 · 50c24ca481
parent fbdb3755cf
commit 50c24ca481
1 changed files with 1 additions and 1 deletions
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@ -92,7 +92,7 @@ optional_policy(`

 # /proc kcore: inaccessible
 type proc_kcore_t, proc_type;
-neverallow ~{ can_dump_kernel kern_unconfined } proc_kcore_t:file ~getattr;
+neverallow ~{ can_dump_kernel kern_unconfined } proc_kcore_t:file ~{ getattr mounton };
 genfscon proc /kcore gen_context(system_u:object_r:proc_kcore_t,mls_systemhigh)

 optional_policy(`