Diffstat (limited to 'recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch | 54 |
1 files changed, 0 insertions, 54 deletions
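--- a/recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From b69a82237ccc8de3f5b822739760f5cb6596fe51 Mon Sep 17 00:00:00 2001
-From: Shrikant Bobade <shrikant_bobade@mentor.com>
-Date: Fri, 26 Aug 2016 17:53:46 +0530
-Subject: [PATCH 2/9] refpolicy-minimum: locallogin: add allow rules for type
-local_login_t
-
-add allow rules for locallogin module avc denials.
-
-without this change we are getting errors like these:
-
-type=AVC msg=audit(): avc: denied { read write open } for pid=353
-comm="login" path="/var/volatile/log/lastlog" dev="tmpfs" ino=12281 scontext
-=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:
-var_log_t:s0 tclass=file permissive=1
-
-type=AVC msg=audit(): avc: denied { sendto } for pid=353 comm="login"
-path="/run/systemd/journal/dev-log" scontext=system_u:system_r:
-local_login_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0
-tclass=unix_dgram_socket permissive=1
-
-type=AVC msg=audit(): avc: denied { lock } for pid=353 comm="login" path=
-"/var/volatile/log/lastlog" dev="tmpfs" ino=12281 scontext=system_u:system_r
-:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass
-=file permissive=1
-
-Upstream-Status: Pending
-
-Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
----
-policy/modules/system/locallogin.te | 10 ++++++++++
-1 file changed, 10 insertions(+)
-
-diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
-index 4c679ff3..75750e4c 100644
---- a/policy/modules/system/locallogin.te
-+++ b/policy/modules/system/locallogin.te
-@@ -288,3 +288,13 @@ optional_policy(`
-optional_policy(`
-nscd_use(sulogin_t)
-')
-+
-+allow local_login_t initrc_t:fd use;
-+allow local_login_t initrc_t:unix_dgram_socket sendto;
-+allow local_login_t initrc_t:unix_stream_socket connectto;
-+allow local_login_t self:capability net_admin;
-+allow local_login_t var_log_t:file { create lock open read write };
-+allow local_login_t var_run_t:file { open read write lock};
-+allow local_login_t var_run_t:sock_file write;
-+allow local_login_t tmpfs_t:dir { add_name write search};
-+allow local_login_t tmpfs_t:file { create open read write lock };
---
-2.19.1
-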