commit: f08d86da1f32efeee3a182aec308abfd13eeac95 Author: Dave Sugar <dsugar <AT> tresys <DOT> com> AuthorDate: Thu Oct 1 16:19:54 2020 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Oct 11 21:14:40 2020 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f08d86da
Allow snmpd to read hwdata Oct 1 16:11:49 localhost audispd: node=virtual type=AVC msg=audit(1601568708.950:2198): avc: denied { getattr } for pid=4114 comm="snmpd" path="/usr/share/hwdata/pci.ids" dev="dm-0" ino=76435 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=file permissive=1 Oct 1 16:11:49 localhost audispd: node=virtual type=AVC msg=audit(1601568708.950:2197): avc: denied { read } for pid=4114 comm="snmpd" name="pci.ids" dev="dm-0" ino=76435 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=file permissive=1 Oct 1 16:11:49 localhost audispd: node=virtual type=AVC msg=audit(1601568708.950:2197): avc: denied { open } for pid=4114 comm="snmpd" path="/usr/share/hwdata/pci.ids" dev="dm-0" ino=76435 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=file permissive=1 Signed-off-by: Dave Sugar <dsugar <AT> tresys.com> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/services/snmp.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te index 97c457e2..c61721c5 100644 --- a/policy/modules/services/snmp.te +++ b/policy/modules/services/snmp.te @@ -108,6 +108,7 @@ init_dontaudit_write_utmp(snmpd_t) logging_send_syslog_msg(snmpd_t) +miscfiles_read_hwdata(snmpd_t) miscfiles_read_localization(snmpd_t) seutil_dontaudit_search_config(snmpd_t)