From 8cb806fbdf71902c530ba44d8243d3b0b9265c81 Mon Sep 17 00:00:00 2001
From: Antoine Tenart <antoine.tenart@bootlin.com>
Date: Thu, 13 Aug 2020 10:49:41 +0200
Subject: [PATCH] locallogin: allow login to get attributes of procfs

Fixes:
avc:  denied  { getattr } for  pid=88 comm="login" name="/" dev="proc"
ino=1 scontext=system_u:system_r:local_login_t
tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
---
 policy/modules/system/locallogin.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index c4b9bd7bb..115922c9d 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -59,6 +59,7 @@ kernel_read_system_state(local_login_t)
 kernel_read_kernel_sysctls(local_login_t)
 kernel_search_key(local_login_t)
 kernel_link_key(local_login_t)
+kernel_getattr_proc(local_login_t)
 
 corecmd_list_bin(local_login_t)
 # cjp: these are probably not needed: