diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0058-policy-modules-system-systemd-systemd-gpt-auto-gener.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0058-policy-modules-system-systemd-systemd-gpt-auto-gener.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0058-policy-modules-system-systemd-systemd-gpt-auto-gener.patch b/recipes-security/refpolicy/refpolicy/0058-policy-modules-system-systemd-systemd-gpt-auto-gener.patch new file mode 100644 index 0000000..fc1684f --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0058-policy-modules-system-systemd-systemd-gpt-auto-gener.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From 0607a935759fe3143f473d4a444f92e01aaa2a45 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yi Zhao <yi.zhao@windriver.com> | ||
3 | Date: Tue, 23 Jun 2020 14:52:43 +0800 | ||
4 | Subject: [PATCH] policy/modules/system/systemd: systemd-gpt-auto-generator: do | ||
5 | not audit attempts to read or write unallocated ttys | ||
6 | |||
7 | Fixes: | ||
8 | avc: denied { read write } for pid=87 comm="systemd-getty-g" | ||
9 | name="ttyS0" dev="devtmpfs" ino=10128 | ||
10 | scontext=system_u:system_r:systemd_generator_t | ||
11 | tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=0 | ||
12 | |||
13 | Upstream-Status: Inappropriate [embedded specific] | ||
14 | |||
15 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
16 | --- | ||
17 | policy/modules/system/systemd.te | 2 ++ | ||
18 | 1 file changed, 2 insertions(+) | ||
19 | |||
20 | diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te | ||
21 | index f82031a09..fb8d4960f 100644 | ||
22 | --- a/policy/modules/system/systemd.te | ||
23 | +++ b/policy/modules/system/systemd.te | ||
24 | @@ -400,6 +400,8 @@ storage_raw_read_fixed_disk(systemd_generator_t) | ||
25 | |||
26 | systemd_log_parse_environment(systemd_generator_t) | ||
27 | |||
28 | +term_dontaudit_use_unallocated_ttys(systemd_generator_t) | ||
29 | + | ||
30 | optional_policy(` | ||
31 | fstools_exec(systemd_generator_t) | ||
32 | ') | ||
33 | -- | ||
34 | 2.17.1 | ||
35 | |||