1 files changed, 38 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0040-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch b/recipes-security/refpolicy/refpolicy/0040-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch
new file mode 100644
index 0000000..e5ad291
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0040-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch
@@ -0,0 +1,38 @@
+From 354389c93e26bb8d8e8c1c126b01d838a6a214c8 Mon Sep 17 00:00:00 2001
+From: Roy Li <rongqing.li@windriver.com>
+Date: Sat, 15 Feb 2014 09:45:00 +0800
+Subject: [PATCH] policy/modules/roles/sysadm: allow sysadm to run rpcinfo
+Fixes:
+$ rpcinfo
+rpcinfo: can't contact rpcbind: RPC: Remote system error - Permission denied
+avc:  denied  { connectto } for  pid=406 comm="rpcinfo"
+path="/run/rpcbind.sock" scontext=root:sysadm_r:sysadm_t
+tcontext=system_u:system_r:rpcbind_t tclass=unix_stream_socket
+permissive=0
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/roles/sysadm.te | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
+index f0370b426..fc0945fe4 100644
+--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
+@@ -962,6 +962,7 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
+       rpcbind_stream_connect(sysadm_t)
+        rpcbind_admin(sysadm_t, sysadm_r)
+ ')
+ 
+-- 
+2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0040-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch b/recipes-security/refpolicy/refpolicy/0040-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch new file mode 100644 index 0000000..e5ad291 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0040-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch
@@ -0,0 +1,38 @@
	1	From 354389c93e26bb8d8e8c1c126b01d838a6a214c8 Mon Sep 17 00:00:00 2001
	2	From: Roy Li <rongqing.li@windriver.com>
	3	Date: Sat, 15 Feb 2014 09:45:00 +0800
	4	Subject: [PATCH] policy/modules/roles/sysadm: allow sysadm to run rpcinfo
	5
	6	Fixes:
	7	$ rpcinfo
	8	rpcinfo: can't contact rpcbind: RPC: Remote system error - Permission denied
	9
	10	avc: denied { connectto } for pid=406 comm="rpcinfo"
	11	path="/run/rpcbind.sock" scontext=root:sysadm_r:sysadm_t
	12	tcontext=system_u:system_r:rpcbind_t tclass=unix_stream_socket
	13	permissive=0
	14
	15	Upstream-Status: Inappropriate [embedded specific]
	16
	17	Signed-off-by: Roy Li <rongqing.li@windriver.com>
	18	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
	19	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	20	---
	21	policy/modules/roles/sysadm.te \| 1 +
	22	1 file changed, 1 insertion(+)
	23
	24	diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
	25	index f0370b426..fc0945fe4 100644
	26	--- a/policy/modules/roles/sysadm.te
	27	+++ b/policy/modules/roles/sysadm.te
	28	@@ -962,6 +962,7 @@ optional_policy(`
	29	')
	30
	31	optional_policy(`
	32	+ rpcbind_stream_connect(sysadm_t)
	33	rpcbind_admin(sysadm_t, sysadm_r)
	34	')
	35
	36	--
	37	2.17.1
	38