packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix upgrade error

Browse Source
This commit is contained in:
guoxiaoqi 2020-03-12 15:23:53 +08:00
parent d2a37ad894
commit 7cd212411f
3 changed files with 4 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
add-allow-to-be-access-to-sssd-dir-and-file.patch
View File

@ -1,110 +0,0 @@
From e4184b665f1ca1f86fb7554095a73a71ad4a46ef Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Tue, 25 Feb 2020 18:30:13 +0800
Subject: [PATCH] add allow to be access to sssd dir and file
Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
policy/modules/admin/usermanage.te | 8 +++++
policy/modules/contrib/sssd.if | 72 ++++++++++++++++++++++++++++++++++++++
2 files changed, 80 insertions(+)
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 43fed66..c8580a7 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -663,3 +663,11 @@ optional_policy(`
optional_policy(`
stapserver_manage_lib(useradd_t)
')
+
+# avc for openEuler
+sssd_var_lib_dir(groupadd_t)
+sssd_var_lib_map_file(groupadd_t)
+sssd_var_lib_create_file(groupadd_t)
+sssd_var_lib_write_file(groupadd_t)
+sssd_var_lib_map_file(useradd_t)
+sssd_var_lib_write_file(useradd_t)
diff --git a/policy/modules/contrib/sssd.if b/policy/modules/contrib/sssd.if
index 50eee3f..1b61ccd 100644
--- a/policy/modules/contrib/sssd.if
+++ b/policy/modules/contrib/sssd.if
@@ -576,3 +576,75 @@ interface(`sssd_admin',`
allow $1 sssd_unit_file_t:service all_service_perms;
')
+
+########################################
+## <summary>
+## Allow to be access to sssd lib dir.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to allow.
+## </summary>
+## </param>
+#
+interface(`sssd_var_lib_dir',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:dir { add_name write };
+')
+
+########################################
+## <summary>
+## Allow to map sssd lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to allow.
+## </summary>
+## </param>
+#
+interface(`sssd_var_lib_map_file',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:file map;
+')
+
+########################################
+## <summary>
+## Allow to write sssd lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to allow.
+## </summary>
+## </param>
+#
+interface(`sssd_var_lib_write_file',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:file write;
+')
+
+########################################
+## <summary>
+## Allow to create sssd lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to allow.
+## </summary>
+## </param>
+#
+interface(`sssd_var_lib_create_file',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:file create;
+')
--
1.8.3.1

24
add-allow-to-plymouthd-stream-connect-for-agetty.patch
View File

@ -1,24 +0,0 @@
From c1ecad14ce600f2c3c04bec6e7f49f6ef9fefa76 Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Tue, 25 Feb 2020 18:45:58 +0800
Subject: [PATCH] add allow to plymouthd stream connect for agetty
Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
policy/modules/system/getty.te | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te
index d1967ba..c386dfe 100644
--- a/policy/modules/system/getty.te
+++ b/policy/modules/system/getty.te
@@ -165,3 +165,6 @@ optional_policy(`
optional_policy(`
udev_read_db(getty_t)
')
+
+# avc for openEuler
+plymouthd_stream_connect(getty_t)
--
1.8.3.1

7
selinux-policy.spec
View File

@ -12,7 +12,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.2 Version: 3.14.2
Release: 49 Release: 50
License: GPLv2+ License: GPLv2+
URL: https://github.com/fedora-selinux/selinux-policy/ URL: https://github.com/fedora-selinux/selinux-policy/
@ -59,8 +59,6 @@ Patch6: Fix-bug-in-userdom_restricted_xwindows_user_template.patch
Patch7: add-allow-for-ldconfig-to-map-libsudo_util-so.patch Patch7: add-allow-for-ldconfig-to-map-libsudo_util-so.patch
Patch8: add-allow-syslogd_t-domain-to-send-null-signal-to-all-do.patch Patch8: add-allow-syslogd_t-domain-to-send-null-signal-to-all-do.patch
Patch9: add-allowed-avc-for-systemd.patch Patch9: add-allowed-avc-for-systemd.patch
Patch10: add-allow-to-be-access-to-sssd-dir-and-file.patch
Patch11: add-allow-to-plymouthd-stream-connect-for-agetty.patch
Patch12: Allow-local_login-to-be-access-to-var-run-files-and-.patch Patch12: Allow-local_login-to-be-access-to-var-run-files-and-.patch
Patch13: access-to-iptables-run-file.patch Patch13: access-to-iptables-run-file.patch
Patch14: add-avc-for-kmod.patch Patch14: add-avc-for-kmod.patch
@ -664,6 +662,9 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Mar 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-50
- fix upgrade error
* Sat Feb 29 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-49 * Sat Feb 29 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-49
- enable selinux - enable selinux