add avc rules for cloud-init

2023-01-29 00:38:39 +08:00 · 2023-01-29 00:38:39 +08:00 · a3e27ea362
commit a3e27ea362
parent 036edbe0d7
2 changed files with 30 additions and 1 deletions
--- a/allow-init_t-create-fifo-file-in-net_conf-dir.patch
+++ b/allow-init_t-create-fifo-file-in-net_conf-dir.patch
@ -0,0 +1,25 @@
+From b00033d4825cfc3ae9787c94ffa7e5408acf9a4b Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Sun, 29 Jan 2023 00:36:01 +0800
+Subject: [PATCH] allow init_t create fifo file in net_conf dir
+
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
+---
+ policy/modules/system/init.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
+index 8b84aa1..15b57a7 100644
+--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
+@@ -872,6 +872,7 @@ optional_policy(`
+ 
+ optional_policy(`
+     sysnet_filetrans_cloud_net_conf(init_t)
+    manage_fifo_files_pattern(init_t, net_conf_t, net_conf_t)
+ ')
+ 
+ optional_policy(`
+-- 
+2.33.0
+
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name:    selinux-policy
 Version: 38.6
-Release: 1
+Release: 2
 License: GPLv2+
 URL:     https://github.com/fedora-selinux/selinux-policy/

@ -70,6 +70,7 @@ Patch9002: Add-permission-open-to-files_read_inherited_tmp_file.patch
 Patch9003: allow-httpd-to-put-files-in-httpd-config-dir.patch
 Patch9004: allow-map-postfix_master_t.patch
 Patch9005: add-rule-for-hostnamed-to-rpmscript-dbus-chat.patch
+Patch9006: allow-init_t-create-fifo-file-in-net_conf-dir.patch 

 BuildArch: noarch
 BuildRequires:  python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@ -739,6 +740,9 @@ exit 0
 %endif

 %changelog
+* Mon Feb 6 2023 luhuaxin<luhuaxin1@huawei.com> - 38.6-2
+- allow init_t create fifo file in net_conf dir
+
 * Wed Feb 1 2023 zhangguangzhi<zhangguangzhi3@huawei.com> - 38.6-1
 - update version to 38.6