From 2530406b8f3dc620f886455d747ca3c08b882cd2 Mon Sep 17 00:00:00 2001
From: lujie42 <572084868@qq.com>
Date: Tue, 31 Aug 2021 16:06:49 +0800
Subject: [PATCH] Allow systemd hostnamed read udev runtime data
---
 ...emd-hostnamed-read-udev-runtime-data.patch | 38 +++++++++++++++++++
 selinux-policy.spec | 6 ++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 backport-Allow-systemd-hostnamed-read-udev-runtime-data.patch
diff --git a/backport-Allow-systemd-hostnamed-read-udev-runtime-data.patch b/backport-Allow-systemd-hostnamed-read-udev-runtime-data.patch
new file mode 100644
index 0000000..1b8da01
--- /dev/null
+++ b/backport-Allow-systemd-hostnamed-read-udev-runtime-data.patch
@@ -0,0 +1,38 @@
+From b65f4fd6426b7abb3fa9d73a1e7b8c12092696c6 Mon Sep 17 00:00:00 2001
+From: Zdenek Pytela
+Date: Tue, 23 Feb 2021 17:51:37 +0100
+Subject: [PATCH] Allow systemd-hostnamed read udev runtime data
+
+Required since systemd-248-rc1:
+systemd-hostnamed now exports the "HardwareVendor" and "HardwareModel"
+D-Bus properties, which are supposed to contain a pair of cleaned up,
+human readable strings describing the system's vendor and model. It's
+typically sourced from the firmware's DMI tables, but may be augmented
+from a new hwdb database. hostnamectl shows this in the status output.
+
+https://github.com/systemd/systemd/blob/v248-rc1/NEWS
+
+Resolves: rhbz#1931959
+Signed-off-by: lujie42 <572084868@qq.com>
+---
+ policy/modules/system/systemd.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index adbbd37..abfe2d4 100644
+--- a/policy/modules/system/systemd.te
++++ b/policy/modules/system/systemd.te
+@@ -849,6 +849,10 @@ optional_policy(`
+ dbus_connect_system_bus(systemd_hostnamed_t)
+ ')
+
++optional_policy(`
++ udev_read_pid_files(systemd_hostnamed_t)
++')
++
+ #######################################
+ #
+ # rfkill policy
+--
+1.8.3.1
+
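Review bot: The new `optional_policy` block in the embedded systemd.te hunk grants `udev_read_pid_files(systemd_hostnamed_t)` without any in-policy comment, so the reason for the access is recorded only in the commit message. I would add a line above the call such as `# systemd >= 248: hostnamed reads udev runtime data for HardwareVendor/HardwareModel (rhbz#1931959)`. The interface presumably covers everything labelled as udev runtime data rather than only the entries hostnamed needs, so it is worth confirming against the recorded AVC denial that no narrower interface fits. The message states the access is required since systemd-248-rc1; if the packaged systemd is older, the rule grants access that nothing uses yet, which the comment should also say.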
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 12f22ef..4f3041a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 73
+Release: 74
 License: GPLv2+
 URL: https://github.com/fedora-selinux/selinux-policy/
@@ -112,6 +112,7 @@ Patch6035: backport-Create-chronyd_pid_filetrans-interface.patch
 Patch6036: backport-iptables.fc-Remove-duplicate-file-context-entries.patch
 Patch6037: backport-iptables.fc-Add-missing-legacy-entries.patch
 Patch6038: backport-iptables.fc-Add-missing-legacy-restore-and-legacy-sa.patch
+Patch6039: backport-Allow-systemd-hostnamed-read-udev-runtime-data.patch
 Patch9000: add-qemu_exec_t-for-stratovirt.patch
 Patch9001: add-avc-for-systemd-selinux-page.patch
@@ -781,6 +782,9 @@ exit 0
 %endif
 %changelog
+* Tue Aug 31 2021 lujie42 <572084868@qq.com> -3.14.2-74
+- Allow systemd hostnamed read udev runtime data
+
 * Fri Aug 20 2021 ExtinctFire -3.14.2-73
 - Add avc for systemd selinux page