!27 add patch for virt

From: @HuaxinLuGitee
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
openeuler-ci-bot 2020-09-11 11:33:43 +08:00 committed by Gitee
commit 49142c8bdd
2 changed files with 59 additions and 1 deletions

@ -0,0 +1,54 @@
From d4a034518393bd1c0277a4dd3e87c8e94b394317 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Tue, 11 Aug 2020 12:47:42 +0200
Subject: [PATCH] Allow systemd-machined create userdbd runtime sock files
Create the systemd_create_userdbd_runtime_sock_files() interface.
Resolves: rhbz#1862686
---
policy/modules/system/systemd.if | 18 ++++++++++++++++++
policy/modules/system/systemd.te | 1 +
2 files changed, 19 insertions(+)
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index c9d2ed7..a6d8bd0 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -2374,3 +2374,21 @@ interface(`systemd_userdbd_stream_connect',`
allow $1 systemd_userdbd_t:unix_stream_socket connectto;
')
+
+#######################################
+## <summary>
+## Create a named socket in userdbd runtime directory
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`systemd_create_userdbd_runtime_sock_files',`
+ gen_require(`
+ type systemd_userdbd_runtime_t;
+ ')
+
+ create_sock_files_pattern($1, systemd_userdbd_runtime_t, systemd_userdbd_runtime_t)
+')
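Review bot: `create_sock_files_pattern` in the new `systemd_create_userdbd_runtime_sock_files` interface covers creation only, so a caller cannot unlink a socket it left behind in a `systemd_userdbd_runtime_t` directory. If systemd-machined has to replace a stale socket after a restart, that will show up as a new AVC denial. Either confirm from rhbz#1862686 that create is all that is needed, or use a manage-style pattern and rename the interface to match. The `<summary>` could also name the type (`systemd_userdbd_runtime_t`) instead of "userdbd runtime directory", so the scope of the grant is clear to anyone auditing callers.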
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 367758a..806b7d6 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -415,6 +415,7 @@ init_manage_config_transient_files(systemd_machined_t)
logging_dgram_send(systemd_machined_t)
systemd_read_efivarfs(systemd_machined_t)
+systemd_create_userdbd_runtime_sock_files(systemd_machined_t)
userdom_dbus_send_all_users(systemd_machined_t)
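Review bot: the added `systemd_create_userdbd_runtime_sock_files(systemd_machined_t)` line has no comment saying which socket machined creates or why it needs write access in the userdbd runtime directory. A one-line comment above it pointing at rhbz#1862686 would let a later policy audit tie this grant back to its justification.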
--
1.8.3.1

@ -12,7 +12,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.2
Release: 57
Release: 58
License: GPLv2+
URL: https://github.com/fedora-selinux/selinux-policy/
@ -64,6 +64,7 @@ Patch11: add-avc-for-systemd-hostnamed-and-systemd-logind.patch
Patch12: add-avc-for-systemd.patch
Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch
Patch14: add_userman_access_run_dir.patch
Patch15: allow-systemd-machined-create-userdbd-runtime-sock-file.patch
BuildArch: noarch
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
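Review bot: `Patch15:` is declared here, but no matching `%patch15` line appears anywhere in this diff. If %prep applies patches one by one rather than through `%autosetup` or `%autopatch`, the new rule for systemd_machined_t never reaches the built policy even though the changelog says it was added. Check %prep and add the apply line if patches are listed individually.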
@ -729,6 +730,9 @@ exit 0
%endif
%changelog
* Wed Sep 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-58
- add allow-systemd-machined-create-userdbd-runtime-sock-file.patch
* Fri Aug 28 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-57
- add add_userman_access_run_dir.patch
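Review bot: the new changelog entry is dated `Wed Sep 10 2020`, but 10 September 2020 was a Thursday, and rpmbuild flags a mismatched weekday as a bogus date in %changelog. Change it to `Thu Sep 10 2020`, or to the actual build date with its correct weekday.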