1 files changed, 33 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-selinuxutil-allow-semanage_t-t.patch b/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-selinuxutil-allow-semanage_t-t.patch
new file mode 100644
index 0000000..d4f996d
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-selinuxutil-allow-semanage_t-t.patch
@@ -0,0 +1,33 @@
+From 2c8464254adf0b2635e5abf4ccc4473c96fa0006 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 29 Jun 2020 14:30:58 +0800
+Subject: [PATCH] policy/modules/system/selinuxutil: allow semanage_t to read
+ /var/lib
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/system/selinuxutil.te | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
+index fad28f179..09fef149b 100644
+--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
+@@ -544,10 +544,8 @@ userdom_map_user_home_content_files(semanage_t)
+ userdom_read_user_tmp_files(semanage_t)
+ userdom_map_user_tmp_files(semanage_t)
+ 
+-ifdef(`distro_debian',`
+-       files_read_var_lib_files(semanage_t)
+-       files_read_var_lib_symlinks(semanage_t)
+-')
+files_read_var_lib_files(semanage_t)
+files_read_var_lib_symlinks(semanage_t)
+ 
+ ifdef(`distro_ubuntu',`
+        optional_policy(`
+-- 
+2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-selinuxutil-allow-semanage_t-t.patch b/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-selinuxutil-allow-semanage_t-t.patch new file mode 100644 index 0000000..d4f996d --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-selinuxutil-allow-semanage_t-t.patch
@@ -0,0 +1,33 @@
	1	From 2c8464254adf0b2635e5abf4ccc4473c96fa0006 Mon Sep 17 00:00:00 2001
	2	From: Yi Zhao <yi.zhao@windriver.com>
	3	Date: Mon, 29 Jun 2020 14:30:58 +0800
	4	Subject: [PATCH] policy/modules/system/selinuxutil: allow semanage_t to read
	5	/var/lib
	6
	7	Upstream-Status: Inappropriate [embedded specific]
	8
	9	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	10	---
	11	policy/modules/system/selinuxutil.te \| 6 ++----
	12	1 file changed, 2 insertions(+), 4 deletions(-)
	13
	14	diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
	15	index fad28f179..09fef149b 100644
	16	--- a/policy/modules/system/selinuxutil.te
	17	+++ b/policy/modules/system/selinuxutil.te
	18	@@ -544,10 +544,8 @@ userdom_map_user_home_content_files(semanage_t)
	19	userdom_read_user_tmp_files(semanage_t)
	20	userdom_map_user_tmp_files(semanage_t)
	21
	22	-ifdef(`distro_debian',`
	23	- files_read_var_lib_files(semanage_t)
	24	- files_read_var_lib_symlinks(semanage_t)
	25	-')
	26	+files_read_var_lib_files(semanage_t)
	27	+files_read_var_lib_symlinks(semanage_t)
	28
	29	ifdef(`distro_ubuntu',`
	30	optional_policy(`
	31	--
	32	2.17.1
	33