From 04da7a1eccfacdb195152f94e2a4b63854ef5e82 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 1 Apr 2008 15:40:42 -0400
Subject: [PATCH] Fix AVC when for reading /proc during password change on RHEL
 5

438007
---
 ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te b/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te
index 91e756b4d..a7f50049f 100644
--- a/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te
+++ b/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te
@@ -36,6 +36,8 @@ miscfiles_read_localization(ipa_kpasswd_t)
 
 kerberos_use(ipa_kpasswd_t)
 
+kernel_read_system_state(ipa_kpasswd_t)
+
 corenet_tcp_sendrecv_all_if(ipa_kpasswd_t)
 corenet_udp_sendrecv_all_if(ipa_kpasswd_t)
 corenet_raw_sendrecv_all_if(ipa_kpasswd_t)