54 строки
1.8 KiB
Diff
54 строки
1.8 KiB
Diff
From ee2b299cf796ddce789428773072fc0843a52d2a Mon Sep 17 00:00:00 2001
|
|
From: Chris PeBenito <Christopher.PeBenito@microsoft.com>
|
|
Date: Wed, 1 Sep 2021 19:37:19 +0000
|
|
Subject: systemd, ssh, ntp: Read fips_enabled crypto sysctl.
|
|
|
|
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
|
|
---
|
|
policy/modules/services/ntp.te | 1 +
|
|
policy/modules/services/ssh.if | 1 +
|
|
policy/modules/system/systemd.te | 1 +
|
|
3 files changed, 3 insertions(+)
|
|
|
|
MSFT_TAG: pending
|
|
|
|
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
|
|
index 1626ae87a..4d7e00243 100644
|
|
--- a/policy/modules/services/ntp.te
|
|
+++ b/policy/modules/services/ntp.te
|
|
@@ -94,6 +94,7 @@ can_exec(ntpd_t, ntpd_exec_t)
|
|
kernel_read_kernel_sysctls(ntpd_t)
|
|
kernel_read_system_state(ntpd_t)
|
|
kernel_read_network_state(ntpd_t)
|
|
+kernel_read_crypto_sysctls(ntpd_t)
|
|
kernel_request_load_module(ntpd_t)
|
|
|
|
corenet_all_recvfrom_netlabel(ntpd_t)
|
|
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
|
|
index e5edf17a3..e98aeeb03 100644
|
|
--- a/policy/modules/services/ssh.if
|
|
+++ b/policy/modules/services/ssh.if
|
|
@@ -209,6 +209,7 @@ template(`ssh_server_template', `
|
|
|
|
kernel_read_kernel_sysctls($1_t)
|
|
kernel_read_network_state($1_t)
|
|
+ kernel_read_crypto_sysctls($1_t)
|
|
|
|
corenet_all_recvfrom_netlabel($1_t)
|
|
corenet_tcp_sendrecv_generic_if($1_t)
|
|
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
|
|
index e96c5defa..ad69d4d93 100644
|
|
--- a/policy/modules/system/systemd.te
|
|
+++ b/policy/modules/system/systemd.te
|
|
@@ -566,6 +566,7 @@ optional_policy(`
|
|
dontaudit systemd_log_parse_env_type self:capability net_admin;
|
|
|
|
kernel_read_system_state(systemd_log_parse_env_type)
|
|
+kernel_read_crypto_sysctls(systemd_log_parse_env_type)
|
|
|
|
dev_write_kmsg(systemd_log_parse_env_type)
|
|
|
|
--
|
|
2.17.1
|
|
|