diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2024-03-04 15:18:22 +0800 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2024-03-12 08:34:35 -0400 |
commit | 7fc76cf77b007a3f79b7369ce578d11270aef9c2 (patch) | |
tree | 4d9052fd0bb94d6e777b806d7cc3a0a7083f05be /recipes-security/refpolicy/refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch | |
parent | 4544e817a1b549976749b0b9e355834cc54d6ea0 (diff) | |
download | meta-selinux-7fc76cf77b007a3f79b7369ce578d11270aef9c2.tar.gz |
refpolicy: upgrade 20231002+git -> 20240226+git
ChangeLog:
https://github.com/SELinuxProject/refpolicy/blob/main/Changelog
Notable Changes:
Many systemd updates up to v255
RPM and dnf fixes
Tighten private key handling for Apache
Many container and kubernetes improvements
Add support for Cilium
Update object class definitions up to io_uring:cmd
Add additional rules to cloud-init based on sysadm_t
* Update to latest git rev.
* Refresh patches.
* Add a patch to fix reboot timeout error.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch b/recipes-security/refpolicy/refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch new file mode 100644 index 0000000..5118ef8 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | From 6d6e2d34ec63771a01ef258c98f1ad49efdc2f67 Mon Sep 17 00:00:00 2001 | ||
2 | From: Roy Li <rongqing.li@windriver.com> | ||
3 | Date: Sat, 22 Feb 2014 13:35:38 +0800 | ||
4 | Subject: [PATCH] policy/modules/system/setrans: allow setrans_t use fd at any | ||
5 | level | ||
6 | |||
7 | Upstream-Status: Inappropriate [embedded specific] | ||
8 | |||
9 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | ||
10 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
11 | --- | ||
12 | policy/modules/system/setrans.te | 2 ++ | ||
13 | 1 file changed, 2 insertions(+) | ||
14 | |||
15 | diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te | ||
16 | index 12e66aad9..5510f7fac 100644 | ||
17 | --- a/policy/modules/system/setrans.te | ||
18 | +++ b/policy/modules/system/setrans.te | ||
19 | @@ -69,6 +69,8 @@ mls_net_receive_all_levels(setrans_t) | ||
20 | mls_socket_write_all_levels(setrans_t) | ||
21 | mls_process_read_all_levels(setrans_t) | ||
22 | mls_socket_read_all_levels(setrans_t) | ||
23 | +mls_fd_use_all_levels(setrans_t) | ||
24 | +mls_trusted_object(setrans_t) | ||
25 | |||
26 | selinux_compute_access_vector(setrans_t) | ||
27 | |||
28 | -- | ||
29 | 2.25.1 | ||
30 | |||