add add_userman_access_run_dir.patch
parent
abf02cdf15
commit
68df94f5e3
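--- /dev/null
+++ b/add_userman_access_run_dir.patch
@@ -0,0 +1,52 @@
+diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
+index e069cb5..43fed66 100644
+--- a/policy/modules/admin/usermanage.te
++++ b/policy/modules/admin/usermanage.te
+@@ -250,6 +250,11 @@ files_relabel_etc_files(groupadd_t)
+files_read_etc_files(groupadd_t)
+files_read_etc_runtime_files(groupadd_t)
+files_read_usr_symlinks(groupadd_t)
++files_search_pids(groupadd_t)
++files_create_var_run_dirs(groupadd_t)
++files_delete_all_pids(groupadd_t)
++allow groupadd_t var_run_t:file *;
++allow groupadd_t var_run_t:dir *;
+
+# Execute /usr/bin/{passwd, chfn, chsh} and /usr/sbin/{useradd, vipw}.
+corecmd_exec_bin(groupadd_t)
+@@ -366,6 +371,11 @@ files_read_usr_files(passwd_t)
+files_search_var(passwd_t)
+files_dontaudit_search_pids(passwd_t)
+files_relabel_etc_files(passwd_t)
++files_search_pids(passwd_t)
++files_create_var_run_dirs(passwd_t)
++files_delete_all_pids(passwd_t)
++allow passwd_t var_run_t:file *;
++allow passwd_t var_run_t:dir *;
+
+term_search_ptys(passwd_t)
+
+@@ -486,6 +496,12 @@ userdom_use_unpriv_users_fds(sysadm_passwd_t)
+# on user home dir
+userdom_dontaudit_search_user_home_content(sysadm_passwd_t)
+
++files_search_pids(sysadm_passwd_t)
++files_create_var_run_dirs(sysadm_passwd_t)
++files_delete_all_pids(sysadm_passwd_t)
++allow sysadm_passwd_t var_run_t:file *;
++allow sysadm_passwd_t var_run_t:dir *;
++
+optional_policy(`
+nscd_run(sysadm_passwd_t, sysadm_passwd_roles)
+')
+@@ -536,6 +552,10 @@ files_read_etc_runtime_files(useradd_t)
+files_manage_etc_files(useradd_t)
+files_create_var_lib_dirs(useradd_t)
+files_rw_var_lib_dirs(useradd_t)
++files_search_pids(useradd_t)
++files_create_var_run_dirs(useradd_t)
++files_delete_all_pids(useradd_t)
++allow useradd_t var_run_t:file *;
+
+fs_search_auto_mountpoints(useradd_t)
+fs_getattr_xattr_fs(useradd_t)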
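Review bot: The `allow groupadd_t var_run_t:file *;` and `allow groupadd_t var_run_t:dir *;` rules in the embedded usermanage.te patch grant every permission in the file and dir classes on the generic var_run_t type, which goes well past what creating and removing a run directory needs (the wildcard takes in execute, relabelfrom/relabelto and mounton, for instance). The same wildcard pair is repeated for passwd_t and sysadm_passwd_t, while useradd_t gets the `file *` rule without a matching `dir *` rule, so the four domains are not even treated consistently. Scoping the rules to the refpolicy permission sets, e.g. `allow groupadd_t var_run_t:dir manage_dir_perms;` and `allow groupadd_t var_run_t:file manage_file_perms;`, or better to the subset the recorded AVC denials actually show, would keep these account-management domains closer to least privilege. `files_delete_all_pids(...)` presumably covers pid files of every type rather than only those these tools create, so it deserves the same narrowing, and in the passwd_t hunk the existing `files_dontaudit_search_pids(passwd_t)` becomes redundant once `files_search_pids(passwd_t)` is added. The patch also carries no description of the denial it was written for; a short header comment naming the tool and path that triggered it would let a later reviewer check whether the grants are still needed.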
@ -12,7 +12,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.2
|
||||
Release: 56
|
||||
Release: 57
|
||||
License: GPLv2+
|
||||
URL: https://github.com/fedora-selinux/selinux-policy/
|
||||
|
||||
@ -63,6 +63,7 @@ Patch10: add-avc-for-systemd-journald.patch
|
||||
Patch11: add-avc-for-systemd-hostnamed-and-systemd-logind.patch
|
||||
Patch12: add-avc-for-systemd.patch
|
||||
Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch
|
||||
Patch14: add_userman_access_run_dir.patch
|
||||
|
||||
BuildArch: noarch
|
||||
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
|
||||
@ -728,6 +729,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Aug 28 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-57
|
||||
- add add_userman_access_run_dir.patch
|
||||
|
||||
* Mon Jul 27 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-56
|
||||
- update selinux
|
||||
|
||||
|
||||