From 65e8657831d358c0ecdff421da16c62acac1f7a8 Mon Sep 17 00:00:00 2001
From: guoxiaoqi
Date: Tue, 17 Mar 2020 18:02:15 +0800
Subject: [PATCH] fix upgrade error
---
 ...ow-to-be-access-to-sssd-dir-and-file.patch | 110 ++++++++++++++++++
 selinux-policy.spec | 6 +-
 2 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 add-allow-to-be-access-to-sssd-dir-and-file.patch
diff --git a/add-allow-to-be-access-to-sssd-dir-and-file.patch b/add-allow-to-be-access-to-sssd-dir-and-file.patch
new file mode 100644
index 0000000..22a435c
--- /dev/null
+++ b/add-allow-to-be-access-to-sssd-dir-and-file.patch
@@ -0,0 +1,110 @@
+From e4184b665f1ca1f86fb7554095a73a71ad4a46ef Mon Sep 17 00:00:00 2001
+From: guoxiaoqi
+Date: Tue, 25 Feb 2020 18:30:13 +0800
+Subject: [PATCH] add allow to be access to sssd dir and file
+
+Signed-off-by: guoxiaoqi
+---
+ policy/modules/admin/usermanage.te | 8 +++++
+ policy/modules/contrib/sssd.if | 72 ++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 80 insertions(+)
+
+diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
+index 43fed66..c8580a7 100644
+--- a/policy/modules/admin/usermanage.te
++++ b/policy/modules/admin/usermanage.te
+@@ -663,3 +663,11 @@ optional_policy(`
+ optional_policy(`
+ stapserver_manage_lib(useradd_t)
+ ')
++# avc for openEuler
++#sssd_var_lib_dir(groupadd_t)
++optional_policy(`
++ sssd_var_lib_map_file(groupadd_t)
++ sssd_var_lib_write_file(groupadd_t)
++ sssd_var_lib_map_file(useradd_t)
++ sssd_var_lib_write_file(useradd_t)
++')
+diff --git a/policy/modules/contrib/sssd.if b/policy/modules/contrib/sssd.if
+index 50eee3f..1b61ccd 100644
+--- a/policy/modules/contrib/sssd.if
++++ b/policy/modules/contrib/sssd.if
+@@ -576,3 +576,75 @@ interface(`sssd_admin',`
+ allow $1 sssd_unit_file_t:service all_service_perms;
+
+ ')
++
++########################################
++##
++## Allow to be access to sssd lib dir.
++##
++##
++##
++## Domain to allow.
++##
++##
++#
++interface(`sssd_var_lib_dir',`
++gen_require(`
++type sssd_var_lib_t;
++')
++
++allow $1 sssd_var_lib_t:dir { add_name write };
++')
++
++########################################
++##
++## Allow to map sssd lib files.
++##
++##
++##
++## Domain to allow.
++##
++##
++#
++interface(`sssd_var_lib_map_file',`
++gen_require(`
++type sssd_var_lib_t;
++')
++
++allow $1 sssd_var_lib_t:file map;
++')
++
++########################################
++##
++## Allow to write sssd lib files.
++##
++##
++##
++## Domain to allow.
++##
++##
++#
++interface(`sssd_var_lib_write_file',`
++gen_require(`
++type sssd_var_lib_t;
++')
++
++allow $1 sssd_var_lib_t:file write;
++')
++
++########################################
++##
++## Allow to create sssd lib files.
++##
++##
++##
++## Domain to allow.
++##
++##
++#
++interface(`sssd_var_lib_create_file',`
++gen_require(`
++type sssd_var_lib_t;
++')
++
++allow $1 sssd_var_lib_t:file create;
++')
+--
+1.8.3.1
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index eb707ff..56e890f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 50
+Release: 51
 License: GPLv2+
 URL: https://github.com/fedora-selinux/selinux-policy/
@@ -66,6 +66,7 @@ Patch15: add-access-to-faillog-file-for-systemd.patch
 Patch16: add-avc-for-systemd-journald.patch
 Patch17: add-avc-for-systemd-hostnamed-and-systemd-logind.patch
 Patch18: add-allowed-avc-for-systemd-1.patch
+Patch19: add-allow-to-be-access-to-sssd-dir-and-file.patch
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -662,6 +663,9 @@ exit 0
 %endif
 %changelog
+* Tue Mar 17 2020 openEuler Buildteam - 3.14.2-51
+- fix upgrade error
+
 * Thu Mar 12 2020 openEuler Buildteam - 3.14.2-50
 - fix upgrade error
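Review bot: The `optional_policy` block added to usermanage.te in the new patch file gives `useradd_t` and `groupadd_t` both `write` and `map` on every file labelled `sssd_var_lib_t`, and the only justification recorded is `# avc for openEuler`. That type presumably covers SSSD's on-disk identity data, so the comment should name the denial and the operation that produced it, letting a reader judge whether the grant is as narrow as it can be, e.g. `# <scontext, tcontext and permission of the logged AVC, plus the command that triggered it>`. `sssd_var_lib_dir` and `sssd_var_lib_create_file` are defined in sssd.if but have no caller in this patch (the one call is commented out). Dropping them together with the dead `#sssd_var_lib_dir(groupadd_t)` line would keep unused directory-write and file-create grants out of the interface file.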