34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From 84f1d7c3fe6113effd8eedc2a6602c72fd5d482c Mon Sep 17 00:00:00 2001
|
|
From: Zdenek Pytela <zpytela@redhat.com>
|
|
Date: Thu, 18 Nov 2021 19:08:05 +0100
|
|
Subject: [PATCH] Update userdom_exec_user_tmp_files() with an entrypoint rule
|
|
|
|
Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/84f1d7c3fe6113effd8eedc2a6602c72fd5d482c
|
|
Conflict: NA
|
|
|
|
The userdom_exec_user_tmp_files() interface contains rules
|
|
to allow execution of user temporary files, but there were no rules
|
|
containing the executable type as entrypoint.
|
|
|
|
Resolves: rhbz#1966945
|
|
Signed-off-by: lujie54 <lujie54@huawei.com>
|
|
---
|
|
policy/modules/system/userdomain.if | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
|
|
index d5a4094..cb56d28 100644
|
|
--- a/policy/modules/system/userdomain.if
|
|
+++ b/policy/modules/system/userdomain.if
|
|
@@ -556,6 +556,7 @@ interface(`userdom_exec_user_tmp_files',`
|
|
type user_tmp_t;
|
|
')
|
|
|
|
+ allow $1 user_tmp_t:file entrypoint;
|
|
exec_files_pattern($1, user_tmp_t, user_tmp_t)
|
|
dontaudit $1 user_tmp_t:sock_file execute;
|
|
files_search_tmp($1)
|
|
--
|
|
1.8.3.1
|
|
|