Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0044-policy-modules-system-authlogin-allow-chkpwd_t-to-ma.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0044-policy-modules-system-authlogin-allow-chkpwd_t-to-ma.patch | 34 |
1 files changed, 34 insertions, 0 deletions
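--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0044-policy-modules-system-authlogin-allow-chkpwd_t-to-ma.patch
@@ -0,0 +1,34 @@
+From 0e3199f243a47853452a877ebad5360bc8c1f2f1 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Thu, 21 Nov 2019 13:58:28 +0800
+Subject: [PATCH] policy/modules/system/authlogin: allow chkpwd_t to map
+shadow_t
+
+Fixes:
+avc: denied { map } for pid=244 comm="unix_chkpwd" path="/etc/shadow"
+dev="vda" ino=443 scontext=system_u:system_r:chkpwd_t
+tcontext=system_u:object_r:shadow_t tclass=file permissive=0
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+policy/modules/system/authlogin.te | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
+index 0fc5951e9..e999fa798 100644
+--- a/policy/modules/system/authlogin.te
++++ b/policy/modules/system/authlogin.te
+@@ -100,7 +100,7 @@ allow chkpwd_t self:capability { dac_override setuid };
+dontaudit chkpwd_t self:capability sys_tty_config;
+allow chkpwd_t self:process { getattr signal };
+
+-allow chkpwd_t shadow_t:file read_file_perms;
++allow chkpwd_t shadow_t:file { read_file_perms map };
+files_list_etc(chkpwd_t)
+
+kernel_read_crypto_sysctls(chkpwd_t)
+--
+2.17.1
+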
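Review bot: The widened rule `allow chkpwd_t shadow_t:file { read_file_perms map };` in the authlogin.te hunk carries no comment in the policy itself, so once the patch is applied the reason chkpwd_t may memory-map /etc/shadow is recorded only in the patch header. I would add a line above the rule such as `# unix_chkpwd mmap()s /etc/shadow here; see the AVC denial in the patch header`. The header also tags the change `Inappropriate [embedded specific]` without naming the component that makes unix_chkpwd map the file; naming it would let a later reviewer drop the `map` grant when that component changes. This is worth recording because access through an established mapping is not rechecked per access the way read() is. The remaining chkpwd_t rules lie outside the hunk, so whether another rule already covers this could not be checked from here.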