!30 add patch for systemd hostnamed and logind
From: @HuaxinLuGitee Reviewed-by: @zhujianwei001 Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot
Gitee
commit
f65bfeb2f7
34
allow-systemd-hostnamed-and-logind-read-policy.patch
Normal file
34
allow-systemd-hostnamed-and-logind-read-policy.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From 8b2179cbe385e4b67ab159ac7eee159a664888e3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: HuaxinLuGitee <1539327763@qq.com>
|
||||||
|
Date: Tue, 22 Sep 2020 20:44:36 +0800
|
||||||
|
Subject: [PATCH] commit 2
|
||||||
|
|
||||||
|
---
|
||||||
|
policy/modules/system/systemd.te | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
|
||||||
|
index 7cb36c4..a98d366 100644
|
||||||
|
--- a/policy/modules/system/systemd.te
|
||||||
|
+++ b/policy/modules/system/systemd.te
|
||||||
|
@@ -331,6 +331,8 @@ userdom_manage_user_tmp_chr_files(systemd_logind_t)
|
||||||
|
|
||||||
|
xserver_dbus_chat(systemd_logind_t)
|
||||||
|
|
||||||
|
+allow systemd_logind_t security_t:file mmap_read_file_perms;
|
||||||
|
+
|
||||||
|
optional_policy(`
|
||||||
|
apache_read_tmp_files(systemd_logind_t)
|
||||||
|
')
|
||||||
|
@@ -818,6 +820,8 @@ systemd_read_efivarfs(systemd_hostnamed_t)
|
||||||
|
userdom_read_all_users_state(systemd_hostnamed_t)
|
||||||
|
userdom_dbus_send_all_users(systemd_hostnamed_t)
|
||||||
|
|
||||||
|
+allow systemd_hostnamed_t security_t:file mmap_read_file_perms;
|
||||||
|
+
|
||||||
|
optional_policy(`
|
||||||
|
dbus_system_bus_client(systemd_hostnamed_t)
|
||||||
|
dbus_connect_system_bus(systemd_hostnamed_t)
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
||||||
@ -12,7 +12,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.2
|
Version: 3.14.2
|
||||||
Release: 59
|
Release: 60
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: https://github.com/fedora-selinux/selinux-policy/
|
URL: https://github.com/fedora-selinux/selinux-policy/
|
||||||
|
|
||||||
@ -66,6 +66,7 @@ Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch
|
|||||||
Patch14: add_userman_access_run_dir.patch
|
Patch14: add_userman_access_run_dir.patch
|
||||||
Patch15: allow-systemd-machined-create-userdbd-runtime-sock-file.patch
|
Patch15: allow-systemd-machined-create-userdbd-runtime-sock-file.patch
|
||||||
Patch16: allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
|
Patch16: allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
|
||||||
|
Patch17: allow-systemd-hostnamed-and-logind-read-policy.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
|
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
|
||||||
@ -731,6 +732,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 22 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-60
|
||||||
|
- add allow-systemd-hostnamed-and-logind-read-policy.patch
|
||||||
|
|
||||||
* Thu Sep 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-59
|
* Thu Sep 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-59
|
||||||
- add allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
|
- add allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user