From 7bcba980168b70a4164a1ec768ea56e723ed390b Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Mon, 25 Jan 2021 22:08:16 +0100
Reference: https://github.com/fedora-selinux/selinux-policy/commit/7bcba980168b70a4164a1ec768ea56e723ed390b
Conflict: NA
Subject: [PATCH] Allow domain write to systemd-resolved PID socket files
Previously, the permission was allowed for the nsswitch_domain attribute which turned out not to be sufficient.
Resolves: rhbz#1900175
---
 policy/modules/kernel/domain.te | 1 +
 policy/modules/system/authlogin.te | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index dff8caa..2ab7a49 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -510,6 +510,7 @@ optional_policy(`
 systemd_login_reboot(unconfined_domain_type)
 systemd_login_halt(unconfined_domain_type)
 systemd_login_undefined(unconfined_domain_type)
+ systemd_resolved_write_pid_sock_files(domain)
 systemd_filetrans_named_content(named_filetrans_domain)
 systemd_filetrans_named_hostname(named_filetrans_domain)
 systemd_filetrans_home_content(named_filetrans_domain)
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 576ec5f..068caed 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -562,7 +562,6 @@ optional_policy(`
 ')
 optional_policy(`
- systemd_resolved_write_pid_sock_files(nsswitch_domain)
 systemd_userdbd_stream_connect(nsswitch_domain)
 systemd_machined_stream_connect(nsswitch_domain)
 ')
--
1.8.3.1
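Review bot: The added `systemd_resolved_write_pid_sock_files(domain)` in the domain.te hunk grants the permission to every type carrying the `domain` attribute, a far wider set than the `nsswitch_domain` grant removed from authlogin.te, and nothing in the policy records why. The description says the narrower attribute was not sufficient but does not name the domains that were denied, so it is worth confirming from the AVC records in rhbz#1900175 whether a smaller attribute would cover them. If the blanket grant stays, a comment above the line would keep it from looking accidental between the `unconfined_domain_type` and `named_filetrans_domain` calls, e.g. `# every domain may write to the systemd-resolved socket; nsswitch_domain was not sufficient (rhbz#1900175)`. The interface body is not visible here, so exactly which permissions it expands to should be checked against its definition; the enclosing optional_policy block also starts and ends outside the hunk.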