1 files changed, 34 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0047-policy-modules-services-rdisc-allow-rdisc_t-to-searc.patch b/recipes-security/refpolicy/refpolicy/0047-policy-modules-services-rdisc-allow-rdisc_t-to-searc.patch
new file mode 100644
index 0000000..bfb50cc
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0047-policy-modules-services-rdisc-allow-rdisc_t-to-searc.patch
@@ -0,0 +1,34 @@
+From 6bcf62e310931e8be943520a7e1a5686f54a8e34 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Tue, 23 Jun 2020 15:44:43 +0800
+Subject: [PATCH] policy/modules/services/rdisc: allow rdisc_t to search sbin
+ dir
+Fixes:
+avc:  denied  { search } for  pid=225 comm="rdisc" name="sbin" dev="vda"
+ino=1478 scontext=system_u:system_r:rdisc_t
+tcontext=system_u:object_r:bin_t tclass=dir permissive=0
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/services/rdisc.te | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/policy/modules/services/rdisc.te b/policy/modules/services/rdisc.te
+index 82d54dbb7..1dd458f8e 100644
+--- a/policy/modules/services/rdisc.te
+++ b/policy/modules/services/rdisc.te
+@@ -47,6 +47,8 @@ sysnet_read_config(rdisc_t)
+ 
+ userdom_dontaudit_use_unpriv_user_fds(rdisc_t)
+ 
+corecmd_search_bin(rdisc_t)
+
+ optional_policy(`
+        seutil_sigchld_newrole(rdisc_t)
+ ')
+-- 
+2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0047-policy-modules-services-rdisc-allow-rdisc_t-to-searc.patch b/recipes-security/refpolicy/refpolicy/0047-policy-modules-services-rdisc-allow-rdisc_t-to-searc.patch new file mode 100644 index 0000000..bfb50cc --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0047-policy-modules-services-rdisc-allow-rdisc_t-to-searc.patch
@@ -0,0 +1,34 @@
	1	From 6bcf62e310931e8be943520a7e1a5686f54a8e34 Mon Sep 17 00:00:00 2001
	2	From: Yi Zhao <yi.zhao@windriver.com>
	3	Date: Tue, 23 Jun 2020 15:44:43 +0800
	4	Subject: [PATCH] policy/modules/services/rdisc: allow rdisc_t to search sbin
	5	dir
	6
	7	Fixes:
	8	avc: denied { search } for pid=225 comm="rdisc" name="sbin" dev="vda"
	9	ino=1478 scontext=system_u:system_r:rdisc_t
	10	tcontext=system_u:object_r:bin_t tclass=dir permissive=0
	11
	12	Upstream-Status: Inappropriate [embedded specific]
	13
	14	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	15	---
	16	policy/modules/services/rdisc.te \| 2 ++
	17	1 file changed, 2 insertions(+)
	18
	19	diff --git a/policy/modules/services/rdisc.te b/policy/modules/services/rdisc.te
	20	index 82d54dbb7..1dd458f8e 100644
	21	--- a/policy/modules/services/rdisc.te
	22	+++ b/policy/modules/services/rdisc.te
	23	@@ -47,6 +47,8 @@ sysnet_read_config(rdisc_t)
	24
	25	userdom_dontaudit_use_unpriv_user_fds(rdisc_t)
	26
	27	+corecmd_search_bin(rdisc_t)
	28	+
	29	optional_policy(`
	30	seutil_sigchld_newrole(rdisc_t)
	31	')
	32	--
	33	2.17.1
	34