commit:     f08d86da1f32efeee3a182aec308abfd13eeac95
Author:     Dave Sugar <dsugar <AT> tresys <DOT> com>
AuthorDate: Thu Oct  1 16:19:54 2020 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Oct 11 21:14:40 2020 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f08d86da

Allow snmpd to read hwdata

Oct  1 16:11:49 localhost audispd: node=virtual type=AVC 
msg=audit(1601568708.950:2198): avc:  denied  { getattr } for  pid=4114 
comm="snmpd" path="/usr/share/hwdata/pci.ids" dev="dm-0" ino=76435 
scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:hwdata_t:s0 
tclass=file permissive=1
Oct  1 16:11:49 localhost audispd: node=virtual type=AVC 
msg=audit(1601568708.950:2197): avc:  denied  { read } for  pid=4114 
comm="snmpd" name="pci.ids" dev="dm-0" ino=76435 
scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:hwdata_t:s0 
tclass=file permissive=1
Oct  1 16:11:49 localhost audispd: node=virtual type=AVC 
msg=audit(1601568708.950:2197): avc:  denied  { open } for  pid=4114 
comm="snmpd" path="/usr/share/hwdata/pci.ids" dev="dm-0" ino=76435 
scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:hwdata_t:s0 
tclass=file permissive=1

Signed-off-by: Dave Sugar <dsugar <AT> tresys.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/services/snmp.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
index 97c457e2..c61721c5 100644
--- a/policy/modules/services/snmp.te
+++ b/policy/modules/services/snmp.te
@@ -108,6 +108,7 @@ init_dontaudit_write_utmp(snmpd_t)
 
 logging_send_syslog_msg(snmpd_t)
 
+miscfiles_read_hwdata(snmpd_t)
 miscfiles_read_localization(snmpd_t)
 
 seutil_dontaudit_search_config(snmpd_t)
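
Review bot: the added miscfiles_read_hwdata(snmpd_t) line has no comment saying which snmpd feature reads /usr/share/hwdata/pci.ids, and the commit message gives only the AVCs. A one-line comment above the call, or a sentence in the message, would let a later reader judge whether the access is still needed. The three quoted denials (getattr, read and open on a hwdata_t file) were all logged with permissive=1, so it is worth confirming on an enforcing system that snmpd runs without further hwdata_t denials once this rule is loaded. Placement ahead of miscfiles_read_localization(snmpd_t) keeps the miscfiles_ calls in alphabetical order.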
