From 04da7a1eccfacdb195152f94e2a4b63854ef5e82 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Apr 01 2008 19:40:42 +0000
Subject: Fix AVC when for reading /proc during password change on RHEL 5


438007

---

diff --git a/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te b/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te
index 91e756b..a7f5004 100644
--- a/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te
+++ b/ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te
@@ -36,6 +36,8 @@ miscfiles_read_localization(ipa_kpasswd_t)
 
 kerberos_use(ipa_kpasswd_t)
 
+kernel_read_system_state(ipa_kpasswd_t)
+
 corenet_tcp_sendrecv_all_if(ipa_kpasswd_t)
 corenet_udp_sendrecv_all_if(ipa_kpasswd_t)
 corenet_raw_sendrecv_all_if(ipa_kpasswd_t)