From 6829f2b54dea543cf0aca5c5d3482c53ad8546fa Mon Sep 17 00:00:00 2001 From: huangzq6 Date: Mon, 20 Jul 2020 17:40:10 +0800 Subject: [PATCH] add patch to fixing logind read issue of dist device --- ...gind_t-to-read-fixed-dist-device-BZ-.patch | 24 +++++++++++++++++++ selinux-policy.spec | 6 ++++- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch diff --git a/Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch b/Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch new file mode 100644 index 0000000..d58f3e9 --- /dev/null +++ b/Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch @@ -0,0 +1,24 @@ +From 5a103fd1d605fb1195fbfb02361a723d0f7669aa Mon Sep 17 00:00:00 2001 +From: Lukas Vrabec +Date: Sat, 3 Nov 2018 13:06:47 +0100 +Subject: [PATCH] Allow systemd_logind_t to read fixed dist device BZ(1645631) + +--- + policy/modules/system/systemd.te | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te +index eaf0aed..008400a 100644 +--- a/policy/modules/system/systemd.te ++++ b/policy/modules/system/systemd.te +@@ -252,6 +252,7 @@ userdom_mounton_tmp_dirs(systemd_logind_t) + storage_setattr_removable_dev(systemd_logind_t) + storage_setattr_scsi_generic_dev(systemd_logind_t) + storage_setattr_fixed_disk_dev(systemd_logind_t) ++storage_raw_read_fixed_disk(systemd_logind_t) + + term_use_unallocated_ttys(systemd_logind_t) + +-- +1.8.3.1 + diff --git a/selinux-policy.spec b/selinux-policy.spec index a48d7f7..ee8b53b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -12,7 +12,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 54 +Release: 55 License: GPLv2+ URL: https://github.com/fedora-selinux/selinux-policy/ @@ -73,6 +73,7 @@ Patch22: allow-ipmievd-to-read-the-process-state-proc-pid-of-.patch Patch23: allow-systemd-to-mount-unlabeled-filesystemd.patch Patch24: fix-selinux-label-for-hostname-digest-list.patch Patch25: solve-shutdown-permission-denied-caused-by-dracut.patch +Patch26: Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch BuildArch: noarch BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc @@ -669,6 +670,9 @@ exit 0 %endif %changelog +* Mon Jul 20 2020 steven - 3.14.2-55 +- add patch Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch + * Thu Jun 4 2020 openEuler Buildteam - 3.14.2-54 - add map to zerp device at dev_rw_zero interface; allow ipmievd to read the process state (/proc/pid) of init;