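diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index e069cb5..43fed66 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -250,6 +250,11 @@ files_relabel_etc_files(groupadd_t)
 files_read_etc_files(groupadd_t)
 files_read_etc_runtime_files(groupadd_t)
 files_read_usr_symlinks(groupadd_t)
+files_search_pids(groupadd_t)
+files_create_var_run_dirs(groupadd_t)
+files_delete_all_pids(groupadd_t)
+allow groupadd_t var_run_t:file *;
+allow groupadd_t var_run_t:dir *;
 
 # Execute /usr/bin/{passwd, chfn, chsh} and /usr/sbin/{useradd, vipw}.
 corecmd_exec_bin(groupadd_t)
@@ -366,6 +371,11 @@ files_read_usr_files(passwd_t)
 files_search_var(passwd_t)
 files_dontaudit_search_pids(passwd_t)
 files_relabel_etc_files(passwd_t)
+files_search_pids(passwd_t)
+files_create_var_run_dirs(passwd_t)
+files_delete_all_pids(passwd_t)
+allow passwd_t var_run_t:file *;
+allow passwd_t var_run_t:dir *;
 
 term_search_ptys(passwd_t)
 
@@ -486,6 +496,12 @@ userdom_use_unpriv_users_fds(sysadm_passwd_t)
 # on user home dir
 userdom_dontaudit_search_user_home_content(sysadm_passwd_t)
 
+files_search_pids(sysadm_passwd_t)
+files_create_var_run_dirs(sysadm_passwd_t)
+files_delete_all_pids(sysadm_passwd_t)
+allow sysadm_passwd_t var_run_t:file *;
+allow sysadm_passwd_t var_run_t:dir *;
+
 optional_policy(`
 nscd_run(sysadm_passwd_t, sysadm_passwd_roles)
 ')
@@ -536,6 +552,10 @@ files_read_etc_runtime_files(useradd_t)
 files_manage_etc_files(useradd_t)
 files_create_var_lib_dirs(useradd_t)
 files_rw_var_lib_dirs(useradd_t)
+files_search_pids(useradd_t)
+files_create_var_run_dirs(useradd_t)
+files_delete_all_pids(useradd_t)
+allow useradd_t var_run_t:file *;
 
 fs_search_auto_mountpoints(useradd_t)
 fs_getattr_xattr_fs(useradd_t)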
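Review bot: The `allow groupadd_t var_run_t:file *;` and `allow groupadd_t var_run_t:dir *;` rules in the first hunk grant every permission in the file and dir classes on the generic `var_run_t` type, including relabelfrom/relabelto, execute and mounton, to a domain that edits the account databases; the same pair is repeated for passwd_t and sysadm_passwd_t, and useradd_t gets the file rule only. Together with `files_delete_all_pids()` this appears to let these domains remove or replace other services' runtime files, which is far more than writing their own file under /var/run would need. Narrow each rule to the permissions actually seen in the AVC denials (an illustrative set, to be confirmed against the audit log: `allow groupadd_t var_run_t:file { create getattr open read write unlink };`), or better, give the tools a private type declared with `files_pid_file()` and reached through a `files_pid_filetrans()` transition. In the passwd_t hunk the added `files_search_pids(passwd_t)` also contradicts the existing `files_dontaudit_search_pids(passwd_t)` two lines above it; one of the two should be dropped.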