1 files changed, 15 insertions, 15 deletions
diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch
index 29d3e2d..f28ab74 100644
--- a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch
+++ b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch
@@ -30,21 +30,21 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 +
 --- a/policy/modules/roles/sysadm.te
 +++ b/policy/modules/roles/sysadm.te
-@@ -37,10 +37,11 @@ ubac_process_exempt(sysadm_t)
+@@ -41,10 +41,11 @@ init_reload(sysadm_t)
- ubac_file_exempt(sysadm_t)
+ init_reboot_system(sysadm_t)
- ubac_fd_exempt(sysadm_t)
+ init_shutdown_system(sysadm_t)
- 
+ init_start_generic_units(sysadm_t)
- init_exec(sysadm_t)
+ init_stop_generic_units(sysadm_t)
- init_admin(sysadm_t)
+ init_reload_generic_units(sysadm_t)
 +init_script_role_transition(sysadm_r)
 
- selinux_read_policy(sysadm_t)
- 
 # Add/remove user home directories
 userdom_manage_user_home_dirs(sysadm_t)
+ userdom_home_filetrans_user_home_dir(sysadm_t)
+ 
 --- a/policy/modules/system/init.if
 +++ b/policy/modules/system/init.if
-@@ -1394,30 +1394,31 @@ interface(`init_script_file_entry_type',
+@@ -1232,30 +1232,31 @@ interface(`init_script_file_entry_type',
 ##     </summary>
 ## </param>
 #
@@ -80,7 +80,7 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 
 ########################################
 ## <summary>
-@@ -1429,22 +1430,23 @@ interface(`init_spec_domtrans_script',`
+@@ -1267,22 +1268,23 @@ interface(`init_spec_domtrans_script',`
 ##     </summary>
 ## </param>
 #
@@ -108,11 +108,11 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 
 ########################################
 ## <summary>
-@@ -2972,5 +2974,34 @@ interface(`init_admin',`
+@@ -2502,5 +2504,34 @@ interface(`init_reload_all_units',`
-        init_stop_all_units($1)
+                class service reload;
-        init_stop_generic_units($1)
+        ')
-        init_stop_system($1)
+ 
-        init_telinit($1)
+        allow $1 systemdunit:service reload;
 ')
 +
 +########################################

diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch index 29d3e2d..f28ab74 100644 --- a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch +++ b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch
@@ -30,21 +30,21 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
30	+	30	+
31	--- a/policy/modules/roles/sysadm.te	31	--- a/policy/modules/roles/sysadm.te
32	+++ b/policy/modules/roles/sysadm.te	32	+++ b/policy/modules/roles/sysadm.te
33	@@ -37,10 +37,11 @@ ubac_process_exempt(sysadm_t)	33	@@ -41,10 +41,11 @@ init_reload(sysadm_t)
34	ubac_file_exempt(sysadm_t)	34	init_reboot_system(sysadm_t)
35	ubac_fd_exempt(sysadm_t)	35	init_shutdown_system(sysadm_t)
36		36	init_start_generic_units(sysadm_t)
37	init_exec(sysadm_t)	37	init_stop_generic_units(sysadm_t)
38	init_admin(sysadm_t)	38	init_reload_generic_units(sysadm_t)
39	+init_script_role_transition(sysadm_r)	39	+init_script_role_transition(sysadm_r)
40		40
41	selinux_read_policy(sysadm_t)
42
43	# Add/remove user home directories	41	# Add/remove user home directories
44	userdom_manage_user_home_dirs(sysadm_t)	42	userdom_manage_user_home_dirs(sysadm_t)
		43	userdom_home_filetrans_user_home_dir(sysadm_t)
		44
45	--- a/policy/modules/system/init.if	45	--- a/policy/modules/system/init.if
46	+++ b/policy/modules/system/init.if	46	+++ b/policy/modules/system/init.if
47	@@ -1394,30 +1394,31 @@ interface(`init_script_file_entry_type',	47	@@ -1232,30 +1232,31 @@ interface(`init_script_file_entry_type',
48	## </summary>	48	## </summary>
49	## </param>	49	## </param>
50	#	50	#
@@ -80,7 +80,7 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
80		80
81	########################################	81	########################################
82	## <summary>	82	## <summary>
83	@@ -1429,22 +1430,23 @@ interface(`init_spec_domtrans_script',`	83	@@ -1267,22 +1268,23 @@ interface(`init_spec_domtrans_script',`
84	## </summary>	84	## </summary>
85	## </param>	85	## </param>
86	#	86	#
@@ -108,11 +108,11 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
108		108
109	########################################	109	########################################
110	## <summary>	110	## <summary>
111	@@ -2972,5 +2974,34 @@ interface(`init_admin',`	111	@@ -2502,5 +2504,34 @@ interface(`init_reload_all_units',`
112	init_stop_all_units($1)	112	class service reload;
113	init_stop_generic_units($1)	113	')
114	init_stop_system($1)	114
115	init_telinit($1)	115	allow $1 systemdunit:service reload;
116	')	116	')
117	+	117	+
118	+########################################	118	+########################################