packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
selinux-policy/backport-Allow-iscsid-the-sys_ptrace-userns-capability.patch
lujie54 bed9e54ba5 backport upstream patches
2022-09-15 10:25:08 +08:00

30 lines
1.1 KiB
Diff
Raw Blame History

From db12459fc6360763f7358adff0026577f2d51261 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Tue, 31 May 2022 19:51:21 +0200
Subject: [PATCH] Allow iscsid the sys_ptrace userns capability
Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/db12459fc6360763f7358adff0026577f2d51261
Conflict: NA
Resolves: rhbz#2086871
Signed-off-by: lujie54 <lujie54@huawei.com>
---
policy/modules/contrib/iscsi.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/iscsi.te b/policy/modules/contrib/iscsi.te
index 76a7607..5bcf209 100644
--- a/policy/modules/contrib/iscsi.te
+++ b/policy/modules/contrib/iscsi.te
@@ -36,6 +36,7 @@ files_pid_file(iscsi_var_run_t)
#
allow iscsid_t self:capability { dac_read_search ipc_lock net_admin net_raw sys_admin sys_nice sys_module sys_resource };
+allow iscsid_t self:cap_userns sys_ptrace;
allow iscsid_t self:process { setrlimit setsched signal };
allow iscsid_t self:fifo_file rw_fifo_file_perms;
allow iscsid_t self:unix_stream_socket { accept connectto listen };
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink