The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

Signed-off-by: Dominick Grift <domg472@gmail.com>

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

policy/modules/services/samba.if

@@ -775,7 +775,7 @@ interface(`samba_admin',`
 	allow $1 nmbd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, nmbd_t)
 
-	allow $1 samba_unconfined_script_t:process { ptrace signal_perms getattr };
+	allow $1 samba_unconfined_script_t:process { ptrace signal_perms };
 	read_files_pattern($1, samba_unconfined_script_t, samba_unconfined_script_t)
 
 	samba_run_smbcontrol($1, $2, $3)

policy/modules/services/sasl.if

@@ -42,7 +42,7 @@ interface(`sasl_admin',`
 		type saslauthd_initrc_exec_t;
 	')
 
-	allow $1 saslauthd_t:process { ptrace signal_perms getattr };
+	allow $1 saslauthd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, saslauthd_t)
 
 	init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)

policy/modules/services/sendmail.if

@@ -334,10 +334,10 @@ interface(`sendmail_admin',`
 		type mail_spool_t;
 	')
 
-	allow $1 sendmail_t:process { ptrace signal_perms getattr };
+	allow $1 sendmail_t:process { ptrace signal_perms };
 	read_files_pattern($1, sendmail_t, sendmail_t)
 
-	allow $1 unconfined_sendmail_t:process { ptrace signal_perms getattr };
+	allow $1 unconfined_sendmail_t:process { ptrace signal_perms };
 	read_files_pattern($1, unconfined_sendmail_t, unconfined_sendmail_t)
 
 	sendmail_initrc_domtrans($1)

policy/modules/services/smartmon.if

@@ -42,7 +42,7 @@ interface(`smartmon_admin',`
 		type fsdaemon_initrc_exec_t;
 	')
 
-	allow $1 fsdaemon_t:process { ptrace signal_perms getattr };
+	allow $1 fsdaemon_t:process { ptrace signal_perms };
 	ps_process_pattern($1, fsdaemon_t)
 
 	init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)

policy/modules/services/snmp.if

@@ -130,7 +130,7 @@ interface(`snmp_admin',`
 		type snmpd_initrc_exec_t;
 	')
 
-	allow $1 snmpd_t:process { ptrace signal_perms getattr };
+	allow $1 snmpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, snmpd_t)
 
 	init_labeled_script_domtrans($1, snmpd_initrc_exec_t)

policy/modules/services/sssd.if

@@ -233,7 +233,7 @@ interface(`sssd_admin',`
 		type sssd_initrc_exec_t;
 	')
 
-	allow $1 sssd_t:process { ptrace signal_perms getattr };
+	allow $1 sssd_t:process { ptrace signal_perms };
 	read_files_pattern($1, sssd_t, sssd_t)
 
 	# Allow sssd_t to restart the apache service

policy/modules/services/tftp.if

@@ -105,7 +105,7 @@ interface(`tftp_admin',`
 		type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_var_run_t;
 	')
 
-	allow $1 tftpd_t:process { ptrace signal_perms getattr };
+	allow $1 tftpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, tftpd_t)
 
 	files_list_var_lib($1)

policy/modules/services/tor.if

@@ -42,7 +42,7 @@ interface(`tor_admin',`
 		type tor_initrc_exec_t;
 	')
 
-	allow $1 tor_t:process { ptrace signal_perms getattr };
+	allow $1 tor_t:process { ptrace signal_perms };
 	ps_process_pattern($1, tor_t)
 
 	init_labeled_script_domtrans($1, tor_initrc_exec_t)

policy/modules/services/uucp.if

@@ -99,7 +99,7 @@ interface(`uucp_admin',`
 		type uucpd_var_run_t;
 	')
 
-	allow $1 uucpd_t:process { ptrace signal_perms getattr };
+	allow $1 uucpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, uucpd_t)
 
 	logging_list_logs($1)