diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch index 2dd8291..b33e84b 100644 --- a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch +++ b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch | |||
@@ -11,17 +11,18 @@ Upstream-Status: pending | |||
11 | 11 | ||
12 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> | 12 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> |
13 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | 13 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> |
14 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
14 | --- | 15 | --- |
15 | policy/modules/system/init.te | 14 ++++++++------ | 16 | policy/modules/system/init.te | 14 ++++++++------ |
16 | policy/modules/system/locallogin.te | 4 +++- | 17 | policy/modules/system/locallogin.te | 4 +++- |
17 | 2 files changed, 11 insertions(+), 7 deletions(-) | 18 | 2 files changed, 11 insertions(+), 7 deletions(-) |
18 | 19 | ||
19 | diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te | ||
20 | index c058f0c..d710fb0 100644 | ||
21 | --- a/policy/modules/system/init.te | 20 | --- a/policy/modules/system/init.te |
22 | +++ b/policy/modules/system/init.te | 21 | +++ b/policy/modules/system/init.te |
23 | @@ -292,12 +292,14 @@ ifdef(`init_systemd',` | 22 | @@ -344,17 +344,19 @@ ifdef(`init_systemd',` |
24 | modutils_domtrans_insmod(init_t) | 23 | |
24 | optional_policy(` | ||
25 | modutils_domtrans(init_t) | ||
25 | ') | 26 | ') |
26 | ',` | 27 | ',` |
27 | - tunable_policy(`init_upstart',` | 28 | - tunable_policy(`init_upstart',` |
@@ -29,23 +30,27 @@ index c058f0c..d710fb0 100644 | |||
29 | - ',` | 30 | - ',` |
30 | - # Run the shell in the sysadm role for single-user mode. | 31 | - # Run the shell in the sysadm role for single-user mode. |
31 | - # causes problems with upstart | 32 | - # causes problems with upstart |
32 | - sysadm_shell_domtrans(init_t) | 33 | - ifndef(`distro_debian',` |
34 | - sysadm_shell_domtrans(init_t) | ||
33 | + optional_policy(` | 35 | + optional_policy(` |
34 | + tunable_policy(`init_upstart',` | 36 | + tunable_policy(`init_upstart',` |
35 | + corecmd_shell_domtrans(init_t, initrc_t) | 37 | + corecmd_shell_domtrans(init_t, initrc_t) |
36 | + ',` | 38 | + ',` |
37 | + # Run the shell in the sysadm role for single-user mode. | 39 | + # Run the shell in the sysadm role for single-user mode. |
38 | + # causes problems with upstart | 40 | + # causes problems with upstart |
39 | + sysadm_shell_domtrans(init_t) | 41 | + ifndef(`distro_debian',` |
40 | + ') | 42 | + sysadm_shell_domtrans(init_t) |
43 | + ') | ||
44 | ') | ||
41 | ') | 45 | ') |
42 | ') | 46 | ') |
43 | 47 | ||
44 | diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te | 48 | ifdef(`distro_debian',` |
45 | index 0781eae..ea2493a 100644 | ||
46 | --- a/policy/modules/system/locallogin.te | 49 | --- a/policy/modules/system/locallogin.te |
47 | +++ b/policy/modules/system/locallogin.te | 50 | +++ b/policy/modules/system/locallogin.te |
48 | @@ -246,7 +246,9 @@ userdom_use_unpriv_users_fds(sulogin_t) | 51 | @@ -260,11 +260,13 @@ seutil_read_default_contexts(sulogin_t) |
52 | userdom_use_unpriv_users_fds(sulogin_t) | ||
53 | |||
49 | userdom_search_user_home_dirs(sulogin_t) | 54 | userdom_search_user_home_dirs(sulogin_t) |
50 | userdom_use_user_ptys(sulogin_t) | 55 | userdom_use_user_ptys(sulogin_t) |
51 | 56 | ||
@@ -54,8 +59,7 @@ index 0781eae..ea2493a 100644 | |||
54 | + sysadm_shell_domtrans(sulogin_t) | 59 | + sysadm_shell_domtrans(sulogin_t) |
55 | +') | 60 | +') |
56 | 61 | ||
57 | # suse and debian do not use pam with sulogin... | 62 | # by default, sulogin does not use pam... |
58 | ifdef(`distro_suse', `define(`sulogin_no_pam')') | 63 | # sulogin_pam might need to be defined otherwise |
59 | -- | 64 | ifdef(`sulogin_pam', ` |
60 | 1.9.1 | 65 | selinux_get_fs_mount(sulogin_t) |
61 | |||