From 76f54f9e3e91288366008a5b6ceec1375d42e326 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova
Date: Wed, 20 Sep 2023 13:36:20 +0200
Subject: [PATCH] Dontaudit rhsmcertd write memory device

Do not audit attempts to write to raw memory devices
lscpu uses O_RDONLY to read /dev/mem, but on ppc64 it uses IBM's librtas.so that mmap /dev/mem using O_RDRW for open().
Resolves: RHEL-1547
---
 policy/modules/contrib/rhsmcertd.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/rhsmcertd.te b/policy/modules/contrib/rhsmcertd.te
index 7d2b494879..ad8e1254ef 100644
--- a/policy/modules/contrib/rhsmcertd.te
+++ b/policy/modules/contrib/rhsmcertd.te
@@ -93,6 +93,7 @@ corenet_tcp_connect_websm_port(rhsmcertd_t)
 corecmd_exec_bin(rhsmcertd_t)
 corecmd_exec_shell(rhsmcertd_t)
 
+dev_dontaudit_write_raw_memory(rhsmcertd_t)
 dev_read_sysfs(rhsmcertd_t)
 dev_read_rand(rhsmcertd_t)
 dev_read_urand(rhsmcertd_t)
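Review bot: The added `dev_dontaudit_write_raw_memory(rhsmcertd_t)` line has no comment, so the reason for silencing this denial lives only in the commit message; a comment above it such as `# lscpu on ppc64 goes through librtas, which opens /dev/mem O_RDWR; the write stays denied, only the AVC is suppressed (RHEL-1547)` would keep the rationale next to the rule. The rule is not limited to ppc64, so on every architecture a write attempt on raw memory devices from rhsmcertd_t will presumably stop producing an AVC record, which removes a useful detection signal for a domain that is also granted `corenet_tcp_connect_websm_port`. It is worth stating in the same comment that the denial can be surfaced again during an investigation by rebuilding policy with dontaudit rules disabled (`semodule -DB`). The interface definition is outside this hunk, so the exact permission set it covers should be confirmed there before relying on the name.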