diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0078-policy-modules-system-systemd-make-systemd-logind-do.patch')
| -rw-r--r-- | recipes-security/refpolicy/refpolicy/0078-policy-modules-system-systemd-make-systemd-logind-do.patch | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0078-policy-modules-system-systemd-make-systemd-logind-do.patch b/recipes-security/refpolicy/refpolicy/0078-policy-modules-system-systemd-make-systemd-logind-do.patch deleted file mode 100644 index 5ac5a19..0000000 --- a/recipes-security/refpolicy/refpolicy/0078-policy-modules-system-systemd-make-systemd-logind-do.patch +++ /dev/null | |||
| @@ -1,42 +0,0 @@ | |||
| 1 | From 7021844f20c5d5c885edf87abf8ce3329bcc5836 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Wenzong Fan <wenzong.fan@windriver.com> | ||
| 3 | Date: Mon, 23 Jan 2017 08:42:44 +0000 | ||
| 4 | Subject: [PATCH] policy/modules/system/systemd: make systemd-logind domain MLS | ||
| 5 | trusted for reading from files up to its clearance. | ||
| 6 | |||
| 7 | Fixes: | ||
| 8 | avc: denied { search } for pid=184 comm="systemd-logind" | ||
| 9 | name="journal" dev="tmpfs" ino=10949 | ||
| 10 | scontext=system_u:system_r:systemd_logind_t:s0-s15:c0.c1023 | ||
| 11 | tcontext=system_u:object_r:syslogd_runtime_t:s15:c0.c1023 tclass=dir | ||
| 12 | permissive=1 | ||
| 13 | |||
| 14 | avc: denied { watch } for pid=184 comm="systemd-logind" | ||
| 15 | path="/run/utmp" dev="tmpfs" ino=12725 | ||
| 16 | scontext=system_u:system_r:systemd_logind_t:s0-s15:c0.c1023 | ||
| 17 | tcontext=system_u:object_r:initrc_runtime_t:s0 tclass=file permissive=1 | ||
| 18 | |||
| 19 | Upstream-Status: Inappropriate [embedded specific] | ||
| 20 | |||
| 21 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
| 22 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
| 23 | --- | ||
| 24 | policy/modules/system/systemd.te | 2 ++ | ||
| 25 | 1 file changed, 2 insertions(+) | ||
| 26 | |||
| 27 | diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te | ||
| 28 | index c50a2ba64..a7390b1cd 100644 | ||
| 29 | --- a/policy/modules/system/systemd.te | ||
| 30 | +++ b/policy/modules/system/systemd.te | ||
| 31 | @@ -693,6 +693,8 @@ userdom_relabelto_user_runtime_dirs(systemd_logind_t) | ||
| 32 | userdom_setattr_user_ttys(systemd_logind_t) | ||
| 33 | userdom_use_user_ttys(systemd_logind_t) | ||
| 34 | |||
| 35 | +mls_file_read_to_clearance(systemd_logind_t) | ||
| 36 | + | ||
| 37 | # Needed to work around patch not yet merged into the systemd-logind supported on RHEL 7.x | ||
| 38 | # The change in systemd by Nicolas Iooss on 02-Feb-2016 with hash 4b51966cf6c06250036e428608da92f8640beb96 | ||
| 39 | # should fix the problem where user directories in /run/user/$UID/ are not getting the proper context | ||
| 40 | -- | ||
| 41 | 2.17.1 | ||
| 42 | |||