summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKenton Groombridge <concord@gentoo.org>2024-06-27 13:18:45 -0400
committerJason Zaman <perfinion@gentoo.org>2024-09-21 15:28:29 -0700
commite49e0ad89ec418cc13420e25bf92ccf47aeb4f4a (patch)
treed646438dc98ff6efd4d00243d77d9956e30875b6
parentnode_exporter: allow reading localization (diff)
downloadhardened-refpolicy-e49e0ad89ec418cc13420e25bf92ccf47aeb4f4a.tar.gz
hardened-refpolicy-e49e0ad89ec418cc13420e25bf92ccf47aeb4f4a.tar.bz2
hardened-refpolicy-e49e0ad89ec418cc13420e25bf92ccf47aeb4f4a.zip
netutils: allow ping to read net sysctls
ping will check whether IPv6 is disabled. Signed-off-by: Kenton Groombridge <concord@gentoo.org> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r--policy/modules/admin/netutils.te1
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index a19369e9..63d2f9cb 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -135,6 +135,7 @@ domain_use_interactive_fds(ping_t)
files_read_etc_files(ping_t)
+kernel_read_net_sysctls(ping_t)
kernel_read_system_state(ping_t)
auth_use_nsswitch(ping_t)