author: Yi Zhao <yi.zhao@windriver.com> 2023-07-27 14:07:48 -0400
committer: Joe MacDonald <joe@deserted.net> 2023-07-31 15:05:30 -0400
commit: 1924d975283210f0c36bc3c0e8ce516ccc06961f (patch)
tree: 494be7575b6219b816613ddefb6072973d8e78d4 /recipes-security/refpolicy/refpolicy/0056-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch
parent: 4f3ec6e10f13aaf19fbca9a18547f9e72ba1ec0a (diff)
refpolicy: update to 20200229+gitdunfell
* Drop obsolete and unused patches.
* Rebase patches.
* Add patches to make systemd and sysvinit work with all policy types.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
(cherry picked from commit 15fed8756aa4828fa12a3d813754b4ca65a7607d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0056-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch')
-rw-r--r-- recipes-security/refpolicy/refpolicy/0056-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch | 36
1 files changed, 36 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0056-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch b/recipes-security/refpolicy/refpolicy/0056-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch
new file mode 100644
index 0000000..7cf3763
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0056-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch
@@ -0,0 +1,36 @@
1From 7fd830d6b2c60dcf5b8ee0b2ff94436de63d5b8c Mon Sep 17 00:00:00 2001
2From: Yi Zhao <yi.zhao@windriver.com>
3Date: Mon, 29 Jun 2020 10:32:25 +0800
4Subject: [PATCH] policy/modules/roles/sysadm: allow sysadm_t to watch runtime
5 dirs
6
7Fixes:
8Failed to add a watch for /run/systemd/ask-password: Permission denied
9
10Upstream-Status: Inappropriate [embedded specific]
11
12Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
13---
14 policy/modules/roles/sysadm.te | 6 ++++++
15 1 file changed, 6 insertions(+)
16
17diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
18index fc0945fe4..07b9faf30 100644
19--- a/policy/modules/roles/sysadm.te
20+++ b/policy/modules/roles/sysadm.te
21@@ -83,6 +83,12 @@ ifdef(`init_systemd',`
22 # Allow sysadm to resolve the username of dynamic users by calling
23 # LookupDynamicUserByUID on org.freedesktop.systemd1.
24 init_dbus_chat(sysadm_t)
25+
26+ fs_watch_cgroup_files(sysadm_t)
27+ files_watch_etc_symlinks(sysadm_t)
28+ mount_watch_runtime_dirs(sysadm_t)
29+ systemd_filetrans_passwd_runtime_dirs(sysadm_t)
30+ allow sysadm_t systemd_passwd_runtime_t:dir watch;
31 ')
32
33 tunable_policy(`allow_ptrace',`
34--
352.17.1
36
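Review bot: In the sysadm.te hunk carried by this new patch file (@@ -83,6 +83,12 @@), only the last added rule, `allow sysadm_t systemd_passwd_runtime_t:dir watch;`, matches the one denial quoted under "Fixes:" (the watch on /run/systemd/ask-password); the other four calls (fs_watch_cgroup_files, files_watch_etc_symlinks, mount_watch_runtime_dirs, systemd_filetrans_passwd_runtime_dirs) have no denial or rationale recorded. Please list the AVC or error message behind each one in the patch description, or drop the ones that are not needed, since sysadm_t is a privileged domain and each grant should be traceable to a failure it fixes. systemd_filetrans_passwd_runtime_dirs is, by its name, a file type transition rather than a watch permission, so it does not fit the subject "allow sysadm_t to watch runtime dirs" and deserves its own explanation. The raw allow rule also names systemd_passwd_runtime_t directly in sysadm.te; refpolicy style is to reach another module's type through an interface, so consider adding a watch interface to the systemd module and calling it here instead.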