init: allow to access console-ramoops with newer kernels

Since linux 3.18, commit 68c4a4f8abc60c9440ede9cd123d48b78325f7a3 has been integrated and requires syslog_read capability a process accessing console-ramoops file. sepolicy must be adapted to this new requirement. Change-Id: Ib4032a6bd96b1828a0154edc8fb510e3c1d3bdc2 Signed-off-by: Sylvain Chouleur <sylvain.chouleur@intel.com>
2016-01-27 16:27:23 +01:00 · 2016-01-27 16:27:23 +01:00 · 9a28f90d6a
commit 9a28f90d6a
parent be0616baf0
1 changed files with 1 additions and 0 deletions
--- a/init.te
+++ b/init.te
@ -266,6 +266,7 @@ allow init metadata_block_device:blk_file rw_file_perms;
 # by dm-verity detecting corrupted blocks
 allow init pstorefs:dir search;
 allow init pstorefs:file r_file_perms;
+allow init kernel:system syslog_read;

 # linux keyring configuration
 allow init init:key { write search setattr };