From 5298b813e1f9121faac34d0ffba13c18bad7e845 Mon Sep 17 00:00:00 2001
From: HuaxinLuGitee <1539327763@qq.com>
Date: Tue, 22 Sep 2020 21:14:15 +0800
Subject: [PATCH] add patch for systemd hostnamed and logind
---
 ...emd-hostnamed-and-logind-read-policy.patch | 34 +++++++++++++++++++
 selinux-policy.spec | 6 +++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 allow-systemd-hostnamed-and-logind-read-policy.patch
diff --git a/allow-systemd-hostnamed-and-logind-read-policy.patch b/allow-systemd-hostnamed-and-logind-read-policy.patch
new file mode 100644
index 0000000..9524c79
--- /dev/null
+++ b/allow-systemd-hostnamed-and-logind-read-policy.patch
@@ -0,0 +1,34 @@
+From 8b2179cbe385e4b67ab159ac7eee159a664888e3 Mon Sep 17 00:00:00 2001
+From: HuaxinLuGitee <1539327763@qq.com>
+Date: Tue, 22 Sep 2020 20:44:36 +0800
+Subject: [PATCH] commit 2
+
+---
+ policy/modules/system/systemd.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index 7cb36c4..a98d366 100644
+--- a/policy/modules/system/systemd.te
++++ b/policy/modules/system/systemd.te
+@@ -331,6 +331,8 @@ userdom_manage_user_tmp_chr_files(systemd_logind_t)
+
+ xserver_dbus_chat(systemd_logind_t)
+
++allow systemd_logind_t security_t:file mmap_read_file_perms;
++
+ optional_policy(`
+ apache_read_tmp_files(systemd_logind_t)
+ ')
+@@ -818,6 +820,8 @@ systemd_read_efivarfs(systemd_hostnamed_t)
+ userdom_read_all_users_state(systemd_hostnamed_t)
+ userdom_dbus_send_all_users(systemd_hostnamed_t)
+
++allow systemd_hostnamed_t security_t:file mmap_read_file_perms;
++
+ optional_policy(`
+ dbus_system_bus_client(systemd_hostnamed_t)
+ dbus_connect_system_bus(systemd_hostnamed_t)
+--
+1.8.3.1
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index defb46d..040b590 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
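Review bot: The two rules added to systemd.te inside this patch file, `allow systemd_logind_t security_t:file mmap_read_file_perms;` and the same rule for systemd_hostnamed_t, are raw allow rules on security_t, a type the visible hunks give no sign systemd.te declares, and they apply to every file labelled security_t rather than to one selinuxfs node. Access to another module's type normally goes through that module's interface, so a call such as `selinux_use_status_page(systemd_logind_t)` would be preferable if this policy version provides it (it exists in upstream refpolicy; please confirm for 3.14.2). The embedded patch subject is only `commit 2` and the file name says read-policy, yet nothing records which denial is being fixed; the AVC message and the reason for mapping these files belong in the patch description. Both systemd.te hunks start and end in context outside the visible lines, so neighbouring rules that may already grant part of this access cannot be checked from here.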
@@ -12,7 +12,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 59 +Release: 60 License: GPLv2+ URL: https://github.com/fedora-selinux/selinux-policy/ @@ -66,6 +66,7 @@ Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch Patch14: add_userman_access_run_dir.patch Patch15: allow-systemd-machined-create-userdbd-runtime-sock-file.patch Patch16: allow-systemd_machined_t-delete-userdbd-runtime-sock.patch +Patch17: allow-systemd-hostnamed-and-logind-read-policy.patch BuildArch: noarch BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc @@ -731,6 +732,9 @@ exit 0 %endif %changelog +* Thu Sep 22 2020 openEuler Buildteam - 3.14.2-60 +- add allow-systemd-hostnamed-and-logind-read-policy.patch + * Thu Sep 17 2020 openEuler Buildteam - 3.14.2-59 - add allow-systemd_machined_t-delete-userdbd-runtime-sock.patch