From 7bcba980168b70a4164a1ec768ea56e723ed390b Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 25 Jan 2021 22:08:16 +0100
Reference: https://github.com/fedora-selinux/selinux-policy/commit/7bcba980168b70a4164a1ec768ea56e723ed390b
Conflict: NA
Subject: [PATCH] Allow domain write to systemd-resolved PID socket files
Previously, the permission was allowed for the nsswitch_domain
attribute which turned out not to be sufficient.
Resolves: rhbz#1900175
---
policy/modules/kernel/domain.te | 1 +
policy/modules/system/authlogin.te | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
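diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index dff8caa..2ab7a49 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -510,6 +510,7 @@ optional_policy(`
 systemd_login_reboot(unconfined_domain_type)
 systemd_login_halt(unconfined_domain_type)
 systemd_login_undefined(unconfined_domain_type)
+ systemd_resolved_write_pid_sock_files(domain)
 systemd_filetrans_named_content(named_filetrans_domain)
 systemd_filetrans_named_hostname(named_filetrans_domain)
 systemd_filetrans_home_content(named_filetrans_domain)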
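Review bot: The added `systemd_resolved_write_pid_sock_files(domain)` applies to the `domain` attribute, so every process type, not just `nsswitch_domain`, gets what the interface name suggests is write access to systemd-resolved's PID socket files. That includes confined services that never perform name resolution. The commit message says `nsswitch_domain` was not sufficient but does not name the types that were denied; if they are a small set, granting the interface to those types or to a dedicated attribute would keep the rule narrower. If the policy-wide grant is intended, record the reason next to the line, for example `# nsswitch_domain alone was not sufficient, see rhbz#1900175`. The enclosing `optional_policy` block starts and ends outside the hunk, and the new line sits between calls scoped to `unconfined_domain_type` and `named_filetrans_domain`, which makes its wider scope easy to miss.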
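diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 576ec5f..068caed 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -562,7 +562,6 @@ optional_policy(`
 ')
 
 optional_policy(`
- systemd_resolved_write_pid_sock_files(nsswitch_domain)
 systemd_userdbd_stream_connect(nsswitch_domain)
 systemd_machined_stream_connect(nsswitch_domain)
 ')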
--
1.8.3.1