From 86f9f966643f44a30bf75f4774f0e330b4efbc7d Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Fri, 17 Sep 2010 13:28:50 +0200 Subject: [PATCH] The ps_process_pattern includes permission to get attributes of target domain. --- policy/modules/services/apache.if | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if index 0a57cca1..854d78dc 100644 --- a/policy/modules/services/apache.if +++ b/policy/modules/services/apache.if @@ -1322,7 +1322,7 @@ interface(`apache_admin',` type httpd_suexec_tmp_t, httpd_tmp_t; ') - allow $1 httpd_t:process { getattr ptrace signal_perms }; + allow $1 httpd_t:process { ptrace signal_perms }; ps_process_pattern($1, httpd_t) init_labeled_script_domtrans($1, httpd_initrc_exec_t)