modify whitelist for Sysfs restrictions

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

modify whitelist for Sysfs restrictions

Postby martinvegter » Sat Feb 07, 2015 3:48 pm

I have the option
CONFIG_GRKERNSEC_SYSFS_RESTRICT
enabled in my kernel:

Code: Select all
 Filesystem Protections
   [*] Sysfs/debugfs restriction


In the help, I read that few directories have been whitelisted:
Code: Select all
/sys/fs/selinux
/sys/fs/fuse
/sys/devices/system/cpu


Being on a laptop, I would like to allow user to see battery status:

Code: Select all
/sys/class/power_supply/


How could I addd /sys/class/power_supply/ to the whitelist, so that user can actually see the battery icon or use acpi ?
martinvegter
 
Posts: 6
Joined: Tue Jan 27, 2015 8:49 am

Return to grsecurity support