!30 add patch for systemd hostnamed and logind

From: @HuaxinLuGitee Reviewed-by: @zhujianwei001 Signed-off-by: @zhujianwei001
2020-09-22 21:36:01 +08:00 · 2020-09-22 21:36:01 +08:00 · f65bfeb2f7
commit f65bfeb2f7
parent c13c700791 5298b813e1
2 changed files with 39 additions and 1 deletions
--- a/allow-systemd-hostnamed-and-logind-read-policy.patch
+++ b/allow-systemd-hostnamed-and-logind-read-policy.patch
@ -0,0 +1,34 @@
+From 8b2179cbe385e4b67ab159ac7eee159a664888e3 Mon Sep 17 00:00:00 2001
+From: HuaxinLuGitee <1539327763@qq.com>
+Date: Tue, 22 Sep 2020 20:44:36 +0800
+Subject: [PATCH] commit 2
+
+---
+ policy/modules/system/systemd.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index 7cb36c4..a98d366 100644
+--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
+@@ -331,6 +331,8 @@ userdom_manage_user_tmp_chr_files(systemd_logind_t)
+ 
+ xserver_dbus_chat(systemd_logind_t)
+ 
+allow systemd_logind_t security_t:file mmap_read_file_perms;
+
+ optional_policy(`
+ 	apache_read_tmp_files(systemd_logind_t)
+ ')
+@@ -818,6 +820,8 @@ systemd_read_efivarfs(systemd_hostnamed_t)
+ userdom_read_all_users_state(systemd_hostnamed_t)
+ userdom_dbus_send_all_users(systemd_hostnamed_t)
+ 
+allow systemd_hostnamed_t security_t:file mmap_read_file_perms;
+
+ optional_policy(`
+         dbus_system_bus_client(systemd_hostnamed_t)
+         dbus_connect_system_bus(systemd_hostnamed_t)
+-- 
+1.8.3.1
+
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name:    selinux-policy
 Version: 3.14.2
-Release: 59
+Release: 60
 License: GPLv2+
 URL:     https://github.com/fedora-selinux/selinux-policy/

@ -66,6 +66,7 @@ Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch
 Patch14: add_userman_access_run_dir.patch
 Patch15: allow-systemd-machined-create-userdbd-runtime-sock-file.patch
 Patch16: allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
+Patch17: allow-systemd-hostnamed-and-logind-read-policy.patch

 BuildArch: noarch
 BuildRequires:  python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@ -731,6 +732,9 @@ exit 0
 %endif

 %changelog
+* Thu Sep 22 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-60
+- add allow-systemd-hostnamed-and-logind-read-policy.patch
+
 * Thu Sep 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-59
 - add allow-systemd_machined_t-delete-userdbd-runtime-sock.patch