packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
selinux-policy/Allow-local_login-to-be-access-to-var-run-files-and-.patch
guoxiaoqi 32ea5da141 update avc for openEuler
2020-02-26 17:40:12 +08:00

45 lines
1.3 KiB
Diff
Raw Blame History

From ce4e53c392075f01176743a66d6f55026d3a1aba Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Tue, 25 Feb 2020 19:03:50 +0800
Subject: [PATCH] Allow local_login to be access to var run files and rasdaemon
to write sysfs files
Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
policy/modules/contrib/rasdaemon.te | 2 ++
policy/modules/system/locallogin.te | 4 ++++
2 files changed, 6 insertions(+)
diff --git a/policy/modules/contrib/rasdaemon.te b/policy/modules/contrib/rasdaemon.te
index dcdca44..c4c46b5 100644
--- a/policy/modules/contrib/rasdaemon.te
+++ b/policy/modules/contrib/rasdaemon.te
@@ -49,3 +49,5 @@ optional_policy(`
dmidecode_exec(rasdaemon_t)
')
+# avc for openEuler
+allow rasdaemon_t sysfs_t:file write;
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 5412cfe..ce749ce 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -201,6 +201,9 @@ optional_policy(`
xserver_rw_xdm_keys(local_login_t)
')
+# avc for openEuler
+allow local_login_t var_run_t:file { getattr open read };
+
#################################
#
# Sulogin local policy
@@ -287,3 +290,4 @@ ifdef(`sulogin_no_pam', `
optional_policy(`
plymouthd_exec_plymouth(sulogin_t)
')
+
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink