packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
selinux-policy/backport-Add-file-context-for-.config-Yubico.patch
lujie42 df3c36d34c Fix CVE-2020-24612
2021-10-08 11:35:33 +08:00

54 lines
2.4 KiB
Diff
Raw Blame History

From 1363710b88904f29915e39335fef0dfb673a0f70 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 24 Aug 2020 14:29:15 +0200
Subject: [PATCH] Add file context for ~/.config/Yubico
Add file context specification for ~/.config/Yubico in addition to
existing ~/.yubico. Update the auth_filetrans_home_content() and
auth_filetrans_admin_home_content() interfaces accordingly.
Resolves: rhbz#1860888
Signed-off-by: lujie42 <572084868@qq.com>
---
policy/modules/system/authlogin.fc | 2 ++
policy/modules/system/authlogin.if | 2 ++
2 files changed, 4 insertions(+)
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index 009c156..58551ec 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -1,7 +1,9 @@
HOME_DIR/\.yubico(/.*)? gen_context(system_u:object_r:auth_home_t,s0)
+HOME_DIR/\.config/Yubico(/.*)? gen_context(system_u:object_r:auth_home_t,s0)
HOME_DIR/\.google_authenticator gen_context(system_u:object_r:auth_home_t,s0)
HOME_DIR/\.google_authenticator~ gen_context(system_u:object_r:auth_home_t,s0)
/root/\.yubico(/.*)? gen_context(system_u:object_r:auth_home_t,s0)
+/root/\.config/Yubico(/.*)? gen_context(system_u:object_r:auth_home_t,s0)
/root/\.google_authenticator gen_context(system_u:object_r:auth_home_t,s0)
/root/\.google_authenticator~ gen_context(system_u:object_r:auth_home_t,s0)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 099166d..90ae5fe 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -2313,6 +2313,7 @@ interface(`auth_filetrans_admin_home_content',`
userdom_admin_home_dir_filetrans($1, auth_home_t, file, ".google_authenticator")
userdom_admin_home_dir_filetrans($1, auth_home_t, file, ".google_authenticator~")
userdom_admin_home_dir_filetrans($1, auth_home_t, dir, ".yubico")
+ userdom_admin_home_dir_filetrans($1, auth_home_t, dir, ".config/Yubico")
')
@@ -2377,6 +2378,7 @@ interface(`auth_filetrans_home_content',`
userdom_user_home_dir_filetrans($1, auth_home_t, file, ".google_authenticator")
userdom_user_home_dir_filetrans($1, auth_home_t, file, ".google_authenticator~")
userdom_user_home_dir_filetrans($1, auth_home_t, dir, ".yubico")
+ userdom_user_home_dir_filetrans($1, auth_home_t, dir, ".config/Yubico")
')
########################################
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink