summaryrefslogtreecommitdiffstats
path: root/recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch')
-rw-r--r--recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch33
1 files changed, 0 insertions, 33 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch b/recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch
deleted file mode 100644
index dbd1390..0000000
--- a/recipes-security/refpolicy/refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch
+++ /dev/null
@@ -1,33 +0,0 @@
1From 291d3329c280b6b8b70fcc3092ac4d3399936825 Mon Sep 17 00:00:00 2001
2From: Yi Zhao <yi.zhao@windriver.com>
3Date: Mon, 29 Jun 2020 10:32:25 +0800
4Subject: [PATCH] policy/modules/roles/sysadm: allow sysadm_t to watch runtime
5 dirs
6
7Fixes:
8Failed to add a watch for /run/systemd/ask-password: Permission denied
9
10Upstream-Status: Inappropriate [embedded specific]
11
12Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
13---
14 policy/modules/roles/sysadm.te | 3 +++
15 1 file changed, 3 insertions(+)
16
17diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
18index 129e94229..a4abaefe4 100644
19--- a/policy/modules/roles/sysadm.te
20+++ b/policy/modules/roles/sysadm.te
21@@ -83,6 +83,9 @@ ifdef(`init_systemd',`
22 init_dbus_chat(sysadm_t)
23
24 systemd_sysadm_user(sysadm_t)
25+
26+ systemd_filetrans_passwd_runtime_dirs(sysadm_t)
27+ allow sysadm_t systemd_passwd_runtime_t:dir watch;
28 ')
29
30 tunable_policy(`allow_ptrace',`
31--
322.17.1
33
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-11 10:09:43 +0000