45 lines
1.4 KiB
Diff
45 lines
1.4 KiB
Diff
From 02d90bb3e2fc39d67a7d07cec5ca113bd0a53421 Mon Sep 17 00:00:00 2001
|
|
From: Zdenek Pytela <zpytela@redhat.com>
|
|
Date: Mon, 10 Jan 2022 17:36:15 +0100
|
|
Subject: [PATCH] Allow gssproxy access to various system files.
|
|
|
|
Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/02d90bb3e2fc39d67a7d07cec5ca113bd0a53421
|
|
Conflict: NA
|
|
|
|
gssproxy was allowed to:
|
|
- read system state information in /proc
|
|
- read from random number generator devices (e.g., /dev/random)
|
|
- read hardware state information
|
|
|
|
Resolves: rhbz#2026974
|
|
Signed-off-by: lujie54 <lujie54@huawei.com>
|
|
---
|
|
policy/modules/contrib/gssproxy.te | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/policy/modules/contrib/gssproxy.te b/policy/modules/contrib/gssproxy.te
|
|
index f48457c..aa53de0 100644
|
|
--- a/policy/modules/contrib/gssproxy.te
|
|
+++ b/policy/modules/contrib/gssproxy.te
|
|
@@ -41,6 +41,7 @@ files_pid_filetrans(gssproxy_t, gssproxy_var_run_t, { dir file lnk_file sock_fil
|
|
|
|
kernel_rw_rpc_sysctls(gssproxy_t)
|
|
kernel_read_network_state(gssproxy_t)
|
|
+kernel_read_system_state(gssproxy_t)
|
|
|
|
domain_use_interactive_fds(gssproxy_t)
|
|
domain_read_all_domains_state(gssproxy_t)
|
|
@@ -51,7 +52,9 @@ fs_getattr_all_fs(gssproxy_t)
|
|
|
|
auth_use_nsswitch(gssproxy_t)
|
|
|
|
+dev_read_rand(gssproxy_t)
|
|
dev_read_urand(gssproxy_t)
|
|
+dev_read_sysfs(gssproxy_t)
|
|
dev_rw_crypto(gssproxy_t)
|
|
|
|
logging_send_syslog_msg(gssproxy_t)
|
|
--
|
|
1.8.3.1
|
|
|