packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!21 add add_userman_access_run_dir.patch

Browse Source 
Merge pull request !21 from 卢华歆/openEuler-20.09
This commit is contained in:
openeuler-ci-bot 2020-08-28 23:20:52 +08:00 committed by Gitee
commit 63c58d14b9
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
add_userman_access_run_dir.patch Normal file
View File

@ -0,0 +1,52 @@
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index e069cb5..43fed66 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -250,6 +250,11 @@ files_relabel_etc_files(groupadd_t)
files_read_etc_files(groupadd_t)
files_read_etc_runtime_files(groupadd_t)
files_read_usr_symlinks(groupadd_t)
+files_search_pids(groupadd_t)
+files_create_var_run_dirs(groupadd_t)
+files_delete_all_pids(groupadd_t)
+allow groupadd_t var_run_t:file *;
+allow groupadd_t var_run_t:dir *;
# Execute /usr/bin/{passwd, chfn, chsh} and /usr/sbin/{useradd, vipw}.
corecmd_exec_bin(groupadd_t)
@@ -366,6 +371,11 @@ files_read_usr_files(passwd_t)
files_search_var(passwd_t)
files_dontaudit_search_pids(passwd_t)
files_relabel_etc_files(passwd_t)
+files_search_pids(passwd_t)
+files_create_var_run_dirs(passwd_t)
+files_delete_all_pids(passwd_t)
+allow passwd_t var_run_t:file *;
+allow passwd_t var_run_t:dir *;
term_search_ptys(passwd_t)
@@ -486,6 +496,12 @@ userdom_use_unpriv_users_fds(sysadm_passwd_t)
# on user home dir
userdom_dontaudit_search_user_home_content(sysadm_passwd_t)
+files_search_pids(sysadm_passwd_t)
+files_create_var_run_dirs(sysadm_passwd_t)
+files_delete_all_pids(sysadm_passwd_t)
+allow sysadm_passwd_t var_run_t:file *;
+allow sysadm_passwd_t var_run_t:dir *;
+
optional_policy(`
nscd_run(sysadm_passwd_t, sysadm_passwd_roles)
')
@@ -536,6 +552,10 @@ files_read_etc_runtime_files(useradd_t)
files_manage_etc_files(useradd_t)
files_create_var_lib_dirs(useradd_t)
files_rw_var_lib_dirs(useradd_t)
+files_search_pids(useradd_t)
+files_create_var_run_dirs(useradd_t)
+files_delete_all_pids(useradd_t)
+allow useradd_t var_run_t:file *;
fs_search_auto_mountpoints(useradd_t)
fs_getattr_xattr_fs(useradd_t)

6
selinux-policy.spec
View File

@ -12,7 +12,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.2 Version: 3.14.2
Release: 56 Release: 57
License: GPLv2+ License: GPLv2+
URL: https://github.com/fedora-selinux/selinux-policy/ URL: https://github.com/fedora-selinux/selinux-policy/
@ -63,6 +63,7 @@ Patch10: add-avc-for-systemd-journald.patch
Patch11: add-avc-for-systemd-hostnamed-and-systemd-logind.patch Patch11: add-avc-for-systemd-hostnamed-and-systemd-logind.patch
Patch12: add-avc-for-systemd.patch Patch12: add-avc-for-systemd.patch
Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch
Patch14: add_userman_access_run_dir.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@ -728,6 +729,9 @@ exit 0
%endif %endif
%changelog %changelog
* Fri Aug 28 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-57
- add add_userman_access_run_dir.patch
* Mon Jul 27 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-56 * Mon Jul 27 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-56
- update selinux - update selinux