From 50c24ca481ed302a2337b6ae9908f3f165f77b5f Mon Sep 17 00:00:00 2001
From: Dave Sugar <dsugar@tresys.com>
Date: Wed, 17 Jun 2020 14:19:58 -0400
Subject: [PATCH] Resolve neverallow failure introduced in #273

Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
 policy/modules/kernel/kernel.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 943bcf01d..fc4a70be2 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -92,7 +92,7 @@ optional_policy(`
 
 # /proc kcore: inaccessible
 type proc_kcore_t, proc_type;
-neverallow ~{ can_dump_kernel kern_unconfined } proc_kcore_t:file ~getattr;
+neverallow ~{ can_dump_kernel kern_unconfined } proc_kcore_t:file ~{ getattr mounton };
 genfscon proc /kcore gen_context(system_u:object_r:proc_kcore_t,mls_systemhigh)
 
 optional_policy(`