Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0055-policy-modules-system-systemd-allow-systemd-generato.patch')
-rw-r--r--recipes-security/refpolicy/refpolicy/0055-policy-modules-system-systemd-allow-systemd-generato.patch69
1 files changed, 0 insertions, 69 deletions
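diff --git a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-systemd-allow-systemd-generato.patch b/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-systemd-allow-systemd-generato.patch
deleted file mode 100644
index 9d4bbf7..0000000
--- a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-systemd-allow-systemd-generato.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 954a49ec0a4dc64fd9e513abe7a737d956b337ca Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Tue, 9 Feb 2021 17:50:24 +0800
-Subject: [PATCH] policy/modules/system/systemd: allow systemd-generators to
- get the attributes of tmpfs and cgroup
-
-* Allow systemd-generators to get the attributes of a tmpfs
-* Allow systemd-generators to get the attributes of cgroup filesystems
-
-Fixes:
-systemd[95]: /lib/systemd/system-generators/systemd-fstab-generator failed with exit status 1.
-
-avc: denied { getattr } for pid=102 comm="systemd-run-gen" name="/"
-dev="tmpfs" ino=11208 scontext=system_u:system_r:systemd_generator_t
-tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=0
-
-avc: denied { getattr } for pid=98 comm="systemd-getty-g" name="/"
-dev="tmpfs" ino=11208 scontext=system_u:system_r:systemd_generator_t
-tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=0
-
-avc: denied { getattr } for pid=104 comm="systemd-sysv-ge" name="/"
-dev="tmpfs" ino=11208 scontext=system_u:system_r:systemd_generator_t
-tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=0
-
-avc: denied { getattr } for pid=97 comm="systemd-fstab-g" name="/"
-dev="tmpfs" ino=11208 scontext=system_u:system_r:systemd_generator_t
-tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=0
-
-avc: denied { getattr } for pid=102 comm="systemd-run-gen" name="/"
-dev="cgroup" ino=1 scontext=system_u:system_r:systemd_generator_t
-tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=0
-
-avc: denied { getattr } for pid=100 comm="systemd-hiberna" name="/"
-dev="cgroup" ino=1 scontext=system_u:system_r:systemd_generator_t
-tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=0
-
-avc: denied { getattr } for pid=99 comm="systemd-gpt-aut" name="/"
-dev="cgroup2" ino=1 scontext=system_u:system_r:systemd_generator_t
-tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=0
-
-avc: denied { getattr } for pid=97 comm="systemd-fstab-g"
-path="/var/volatile" dev="vda" ino=37131
-scontext=system_u:system_r:systemd_generator_t
-tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- policy/modules/system/systemd.te | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
-index 2d9d7d331..c1111198d 100644
---- a/policy/modules/system/systemd.te
-+++ b/policy/modules/system/systemd.te
-@@ -431,6 +431,9 @@ files_list_usr(systemd_generator_t)
-
- fs_list_efivars(systemd_generator_t)
- fs_getattr_xattr_fs(systemd_generator_t)
-+fs_getattr_tmpfs(systemd_generator_t)
-+fs_getattr_cgroup(systemd_generator_t)
-+kernel_getattr_unlabeled_dirs(systemd_generator_t)
-
- init_create_runtime_files(systemd_generator_t)
- init_manage_runtime_dirs(systemd_generator_t)
---
-2.17.1
-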