fix upgrade error

2020-03-17 18:02:15 +08:00 · 2020-03-17 18:02:15 +08:00 · 65e8657831
commit 65e8657831
parent 7cd212411f
2 changed files with 115 additions and 1 deletions
--- a/add-allow-to-be-access-to-sssd-dir-and-file.patch
+++ b/add-allow-to-be-access-to-sssd-dir-and-file.patch
@ -0,0 +1,110 @@
+From e4184b665f1ca1f86fb7554095a73a71ad4a46ef Mon Sep 17 00:00:00 2001
+From: guoxiaoqi <guoxiaoqi2@huawei.com>
+Date: Tue, 25 Feb 2020 18:30:13 +0800
+Subject: [PATCH] add allow to be access to sssd dir and file
+
+Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
+---
+ policy/modules/admin/usermanage.te |  8 +++++
+ policy/modules/contrib/sssd.if     | 72 ++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 80 insertions(+)
+
+diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
+index 43fed66..c8580a7 100644
+--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
+@@ -663,3 +663,11 @@ optional_policy(`
+ optional_policy(`
+ 	stapserver_manage_lib(useradd_t)
+ ')
+# avc for openEuler
+#sssd_var_lib_dir(groupadd_t)
+optional_policy(`
+	sssd_var_lib_map_file(groupadd_t)
+   sssd_var_lib_write_file(groupadd_t)
+   sssd_var_lib_map_file(useradd_t)
+   sssd_var_lib_write_file(useradd_t)
+')
+diff --git a/policy/modules/contrib/sssd.if b/policy/modules/contrib/sssd.if
+index 50eee3f..1b61ccd 100644
+--- a/policy/modules/contrib/sssd.if
+++ b/policy/modules/contrib/sssd.if
+@@ -576,3 +576,75 @@ interface(`sssd_admin',`
+ 	allow $1 sssd_unit_file_t:service all_service_perms;
+ 
+ ')
+
+########################################
+## <summary>
+##      Allow to be access to sssd lib dir.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to allow.
+##      </summary>
+## </param>
+#
+interface(`sssd_var_lib_dir',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:dir { add_name write };
+')
+
+########################################
+## <summary>
+##      Allow to map sssd lib files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to allow.
+##      </summary>
+## </param>
+#
+interface(`sssd_var_lib_map_file',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:file map;
+')
+
+########################################
+## <summary>
+##      Allow to write sssd lib files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to allow.
+##      </summary>
+## </param>
+#
+interface(`sssd_var_lib_write_file',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:file write;
+')
+
+########################################
+## <summary>
+##      Allow to create sssd lib files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to allow.
+##      </summary>
+## </param>
+#
+interface(`sssd_var_lib_create_file',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:file create;
+')
+-- 
+1.8.3.1
+
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name:    selinux-policy
 Version: 3.14.2
-Release: 50
+Release: 51
 License: GPLv2+
 URL:     https://github.com/fedora-selinux/selinux-policy/

@ -66,6 +66,7 @@ Patch15: add-access-to-faillog-file-for-systemd.patch
 Patch16: add-avc-for-systemd-journald.patch
 Patch17: add-avc-for-systemd-hostnamed-and-systemd-logind.patch
 Patch18: add-allowed-avc-for-systemd-1.patch
+Patch19: add-allow-to-be-access-to-sssd-dir-and-file.patch  

 BuildArch: noarch
 BuildRequires:  python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@ -662,6 +663,9 @@ exit 0
 %endif

 %changelog
+* Tue Mar 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-51
+- fix upgrade error
+
 * Thu Mar 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-50
 - fix upgrade error