packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!29 add patch for machined to delete userdbd socket

Browse Source 
From: @HuaxinLuGitee
Reviewed-by: @zhujianwei001,@zhujianwei001
Signed-off-by: @zhujianwei001,@zhujianwei001
This commit is contained in:
openeuler-ci-bot 2020-09-21 12:17:44 +08:00 committed by Gitee
commit c13c700791
2 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
allow-systemd_machined_t-delete-userdbd-runtime-sock.patch Normal file
View File

@ -0,0 +1,25 @@
From 99e2285e42bb9d06dbf1322b2990ccee974e1c92 Mon Sep 17 00:00:00 2001
From: HuaxinLuGitee <1539327763@qq.com>
Date: Thu, 17 Sep 2020 14:27:25 +0800
Subject: [PATCH] allow systemd_machined_t delete userdbd runtime sock file
---
policy/modules/system/systemd.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 7cb36c4..d0127f6 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -189,6 +189,8 @@ systemd_unit_file(systemd_userdbd_unit_file_t)
type systemd_userdbd_runtime_t;
files_pid_file(systemd_userdbd_runtime_t)
+delete_sock_files_pattern(systemd_machined_t, systemd_userdbd_runtime_t, systemd_userdbd_runtime_t)
+
#######################################
#
# Systemd_logind local policy
--
1.8.3.1

8
selinux-policy.spec
View File

@ -12,7 +12,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.2 Version: 3.14.2
Release: 58 Release: 59
License: GPLv2+ License: GPLv2+
URL: https://github.com/fedora-selinux/selinux-policy/ URL: https://github.com/fedora-selinux/selinux-policy/
@ -65,6 +65,7 @@ Patch12: add-avc-for-systemd.patch
Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch
Patch14: add_userman_access_run_dir.patch Patch14: add_userman_access_run_dir.patch
Patch15: allow-systemd-machined-create-userdbd-runtime-sock-file.patch Patch15: allow-systemd-machined-create-userdbd-runtime-sock-file.patch
Patch16: allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@ -730,7 +731,10 @@ exit 0
%endif %endif
%changelog %changelog
* Wed Sep 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-58 * Thu Sep 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-59
- add allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
* Thu Sep 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-58
- add allow-systemd-machined-create-userdbd-runtime-sock-file.patch - add allow-systemd-machined-create-userdbd-runtime-sock-file.patch
* Fri Aug 28 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-57 * Fri Aug 28 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-57