34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From 5e9918310dccf6d6dd1da52c19ce2a2927d0a96e Mon Sep 17 00:00:00 2001
|
|
From: Richard Filo <rfilo@redhat.com>
|
|
Date: Mon, 24 Aug 2020 10:55:10 +0200
|
|
Reference: https://github.com/fedora-selinux/selinux-policy/commit/5e9918310dccf6d6dd1da52c19ce2a2927d0a96e
|
|
Conflict: NA
|
|
Subject: [PATCH] Allow all users to connect to systemd-userdbd with a unix
|
|
socket
|
|
|
|
Add interface systemd_userdbd_stream_connect() to allow communication using userdb sockets.
|
|
|
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1835630
|
|
---
|
|
policy/modules/system/userdomain.te | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
|
|
index 89b4867..756ac4a 100644
|
|
--- a/policy/modules/system/userdomain.te
|
|
+++ b/policy/modules/system/userdomain.te
|
|
@@ -209,6 +209,10 @@ optional_policy(`
|
|
xserver_filetrans_home_content(userdomain)
|
|
')
|
|
|
|
+optional_policy(`
|
|
+ systemd_userdbd_stream_connect(userdomain)
|
|
+')
|
|
+
|
|
# rules for types which can read home certs
|
|
allow userdom_home_reader_certs_type home_cert_t:dir list_dir_perms;
|
|
read_files_pattern(userdom_home_reader_certs_type, home_cert_t, home_cert_t)
|
|
--
|
|
1.8.3.1
|
|
|