diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch b/recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch deleted file mode 100644 index dbd1390..0000000 --- a/recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch +++ /dev/null | |||
@@ -1,33 +0,0 @@ | |||
1 | From 291d3329c280b6b8b70fcc3092ac4d3399936825 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yi Zhao <yi.zhao@windriver.com> | ||
3 | Date: Mon, 29 Jun 2020 10:32:25 +0800 | ||
4 | Subject: [PATCH] policy/modules/roles/sysadm: allow sysadm_t to watch runtime | ||
5 | dirs | ||
6 | |||
7 | Fixes: | ||
8 | Failed to add a watch for /run/systemd/ask-password: Permission denied | ||
9 | |||
10 | Upstream-Status: Inappropriate [embedded specific] | ||
11 | |||
12 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
13 | --- | ||
14 | policy/modules/roles/sysadm.te | 3 +++ | ||
15 | 1 file changed, 3 insertions(+) | ||
16 | |||
17 | diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te | ||
18 | index 129e94229..a4abaefe4 100644 | ||
19 | --- a/policy/modules/roles/sysadm.te | ||
20 | +++ b/policy/modules/roles/sysadm.te | ||
21 | @@ -83,6 +83,9 @@ ifdef(`init_systemd',` | ||
22 | init_dbus_chat(sysadm_t) | ||
23 | |||
24 | systemd_sysadm_user(sysadm_t) | ||
25 | + | ||
26 | + systemd_filetrans_passwd_runtime_dirs(sysadm_t) | ||
27 | + allow sysadm_t systemd_passwd_runtime_t:dir watch; | ||
28 | ') | ||
29 | |||
30 | tunable_policy(`allow_ptrace',` | ||
31 | -- | ||
32 | 2.17.1 | ||
33 | |||