From 2b3473c40cca35708c9c061d5c052a5b4a02a945 Mon Sep 17 00:00:00 2001 From: Alexander Miroshnichenko Date: Sun, 30 Dec 2018 17:42:26 +0300 Subject: [PATCH] Allow syncthing_t to read network state. Allow to read network state (/proc/*/route) and proc_t (/proc/cpuinfo, /proc/meminfo). --- policy/modules/apps/syncthing.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/apps/syncthing.te b/policy/modules/apps/syncthing.te index 1f63b3fa8..e45a1ae6d 100644 --- a/policy/modules/apps/syncthing.te +++ b/policy/modules/apps/syncthing.te @@ -36,6 +36,7 @@ xdg_config_filetrans(syncthing_t, syncthing_xdg_config_t, dir) kernel_read_kernel_sysctls(syncthing_t) kernel_read_net_sysctls(syncthing_t) kernel_read_system_state(syncthing_t) +kernel_read_network_state(syncthing_t) corenet_tcp_sendrecv_generic_if(syncthing_t) corenet_udp_sendrecv_generic_if(syncthing_t)