usermanage: Add sysctl access for groupadd to get number of groups.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com> Signed-off-by: Kenton Groombridge <concord@gentoo.org>
author: Chris PeBenito <Christopher.PeBenito@microsoft.com> 2022-07-07 13:43:07 +0000
committer: Kenton Groombridge <concord@gentoo.org> 2024-03-01 12:05:10 -0500
commit: 13da8b3e5c1bf5141dd4343ce6824de8de3e95c9 (patch)
tree: ae1ff28151a06e9c4668101549937c2ab1e2b8fd
parent: sysnetwork: ifconfig searches debugfs. (diff)
download: hardened-refpolicy-13da8b3e5c1bf5141dd4343ce6824de8de3e95c9.tar.gz
hardened-refpolicy-13da8b3e5c1bf5141dd4343ce6824de8de3e95c9.tar.bz2
hardened-refpolicy-13da8b3e5c1bf5141dd4343ce6824de8de3e95c9.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index eb893394..b3ec3af3 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -202,6 +202,10 @@ allow groupadd_t self:unix_stream_socket create_stream_socket_perms;
 allow groupadd_t self:unix_dgram_socket sendto;
 allow groupadd_t self:unix_stream_socket connectto;
 
+# for getting the number of groups
+kernel_read_kernel_sysctls(groupadd_t)
+kernel_dontaudit_getattr_proc(groupadd_t)
+
 fs_getattr_xattr_fs(groupadd_t)
 fs_search_auto_mountpoints(groupadd_t)
author	Chris PeBenito <Christopher.PeBenito@microsoft.com>	2022-07-07 13:43:07 +0000
committer	Kenton Groombridge <concord@gentoo.org>	2024-03-01 12:05:10 -0500
commit	13da8b3e5c1bf5141dd4343ce6824de8de3e95c9 (patch)
tree	ae1ff28151a06e9c4668101549937c2ab1e2b8fd
parent	sysnetwork: ifconfig searches debugfs. (diff)
download	hardened-refpolicy-13da8b3e5c1bf5141dd4343ce6824de8de3e95c9.tar.gz hardened-refpolicy-13da8b3e5c1bf5141dd4343ce6824de8de3e95c9.tar.bz2 hardened-refpolicy-13da8b3e5c1bf5141dd4343ce6824de8de3e95c9.zip