packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!16 add patch to fixing logind read issue of dist device

Browse Source 
Merge pull request !16 from steven/master
This commit is contained in:
openeuler-ci-bot 2020-07-21 14:36:56 +08:00 committed by Gitee
commit 4eeae61a05
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch Normal file
View File

@ -0,0 +1,24 @@
From 5a103fd1d605fb1195fbfb02361a723d0f7669aa Mon Sep 17 00:00:00 2001
From: Lukas Vrabec <lvrabec@redhat.com>
Date: Sat, 3 Nov 2018 13:06:47 +0100
Subject: [PATCH] Allow systemd_logind_t to read fixed dist device BZ(1645631)
---
policy/modules/system/systemd.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index eaf0aed..008400a 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -252,6 +252,7 @@ userdom_mounton_tmp_dirs(systemd_logind_t)
storage_setattr_removable_dev(systemd_logind_t)
storage_setattr_scsi_generic_dev(systemd_logind_t)
storage_setattr_fixed_disk_dev(systemd_logind_t)
+storage_raw_read_fixed_disk(systemd_logind_t)
term_use_unallocated_ttys(systemd_logind_t)
--
1.8.3.1

6
selinux-policy.spec
View File

@ -12,7 +12,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.2
Release: 54
Release: 55
License: GPLv2+
URL: https://github.com/fedora-selinux/selinux-policy/
@ -73,6 +73,7 @@ Patch22: allow-ipmievd-to-read-the-process-state-proc-pid-of-.patch
Patch23: allow-systemd-to-mount-unlabeled-filesystemd.patch
Patch24: fix-selinux-label-for-hostname-digest-list.patch
Patch25: solve-shutdown-permission-denied-caused-by-dracut.patch
Patch26: Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch
BuildArch: noarch
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@ -669,6 +670,9 @@ exit 0
%endif
%changelog
* Mon Jul 20 2020 steven <steven_ygui@163.com> - 3.14.2-55
- add patch Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch
* Thu Jun 4 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-54
- add map to zerp device at dev_rw_zero interface;
allow ipmievd to read the process state (/proc/pid) of init;