34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
|
From d7924a942d84c255fb9d85f262fd68a9e08c2433 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Zdenek Pytela <zpytela@redhat.com>
|
||
|
|
Date: Tue, 30 Mar 2021 20:54:17 +0200
|
||
|
|
Reference: https://github.com/fedora-selinux/selinux-policy/commit/d7924a942d84c255fb9d85f262fd68a9e08c2433
|
||
|
|
Conflict: NA
|
||
|
|
Subject: [PATCH] Allow nsswitch_domain read cgroup files
|
||
|
|
|
||
|
|
This permission is required when the systemd nss module is used
|
||
|
|
in nsswitch.conf for users or groups. The module checks whether
|
||
|
|
the current process is running in the root cgroup, or if rather
|
||
|
|
cgroup namespaces are in place.
|
||
|
|
|
||
|
|
Resolves: rhbz#1895061
|
||
|
|
---
|
||
|
|
policy/modules/system/authlogin.te | 2 ++
|
||
|
|
1 file changed, 2 insertions(+)
|
||
|
|
|
||
|
|
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
|
||
|
|
index 068caed..0e54d0a 100644
|
||
|
|
--- a/policy/modules/system/authlogin.te
|
||
|
|
+++ b/policy/modules/system/authlogin.te
|
||
|
|
@@ -465,6 +465,8 @@ files_list_var_lib(nsswitch_domain)
|
||
|
|
# read /etc/nsswitch.conf
|
||
|
|
files_read_etc_files(nsswitch_domain)
|
||
|
|
|
||
|
|
+fs_read_cgroup_files(nsswitch_domain)
|
||
|
|
+
|
||
|
|
init_stream_connectto(nsswitch_domain)
|
||
|
|
|
||
|
|
sysnet_dns_name_resolve(nsswitch_domain)
|
||
|
|
--
|
||
|
|
1.8.3.1
|
||
|
|
|