selinux-policy/add-access-to-faillog-file-for-systemd.patch

From 6b63c0acdb2e2435e4294f2de08dd376db15e4e8 Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Tue, 25 Feb 2020 21:02:54 +0800
Subject: [PATCH] add access to faillog file for systemd

Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
 policy/modules/system/authlogin.if | 19 +++++++++++++++++++
 policy/modules/system/init.te      |  3 +++
 2 files changed, 22 insertions(+)

diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 728a1c4..6f35819 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -2413,3 +2413,22 @@ interface(`auth_login_manage_key',`
 
 	allow $1 login_pgm:key manage_key_perms;
 ')
+
+########################################
+## <summary>
+##      Manage the login failure log for systemd.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`systemd_manage_faillog',`
+gen_require(`
+type faillog_t;
+')
+
+allow $1 faillog_t:dir { add_name write };
+allow $1 faillog_t:file create;
+')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 035720b..e0d584a 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1868,3 +1868,6 @@ optional_policy(`
         ccs_read_config(daemon)
     ')
  ')
+
+# avc for oprnEuler
+systemd_manage_faillog(init_t)
-- 
1.8.3.1
update avc for openEuler 2020-02-26 14:13:26 +08:00			`From 6b63c0acdb2e2435e4294f2de08dd376db15e4e8 Mon Sep 17 00:00:00 2001`
			`From: guoxiaoqi <guoxiaoqi2@huawei.com>`
			`Date: Tue, 25 Feb 2020 21:02:54 +0800`
			`Subject: [PATCH] add access to faillog file for systemd`

			`Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>`
			`---`
			`policy/modules/system/authlogin.if \| 19 +++++++++++++++++++`
			`policy/modules/system/init.te \| 3 +++`
			`2 files changed, 22 insertions(+)`

			`diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if`
			`index 728a1c4..6f35819 100644`
			`--- a/policy/modules/system/authlogin.if`
			`+++ b/policy/modules/system/authlogin.if`
			@@ -2413,3 +2413,22 @@ interface(`auth_login_manage_key',`

			`allow $1 login_pgm:key manage_key_perms;`
			`')`
			`+`
			`+########################################`
			`+## <summary>`
			`+## Manage the login failure log for systemd.`
			`+## </summary>`
			`+## <param name="domain">`
			`+## <summary>`
			`+## Domain allowed access.`
			`+## </summary>`
			`+## </param>`
			`+#`
			+interface(`systemd_manage_faillog',`
			+gen_require(`
			`+type faillog_t;`
			`+')`
			`+`
			`+allow $1 faillog_t:dir { add_name write };`
			`+allow $1 faillog_t:file create;`
			`+')`
			`diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te`
			`index 035720b..e0d584a 100644`
			`--- a/policy/modules/system/init.te`
			`+++ b/policy/modules/system/init.te`
			@@ -1868,3 +1868,6 @@ optional_policy(`
			`ccs_read_config(daemon)`
			`')`
			`')`
			`+`
			`+# avc for oprnEuler`
			`+systemd_manage_faillog(init_t)`
			`--`
			`1.8.3.1`