diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0079-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0079-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0079-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch b/recipes-security/refpolicy/refpolicy/0079-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch new file mode 100644 index 0000000..b939c37 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0079-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From cb455496193d01761175f35297038f7cf468ebed Mon Sep 17 00:00:00 2001 | ||
2 | From: Yi Zhao <yi.zhao@windriver.com> | ||
3 | Date: Thu, 18 Jun 2020 10:21:04 +0800 | ||
4 | Subject: [PATCH] policy/modules/services/ntp: make nptd_t MLS trusted for | ||
5 | reading from files at all levels | ||
6 | |||
7 | Fixes: | ||
8 | avc: denied { search } for pid=193 comm="systemd-timesyn" | ||
9 | name="journal" dev="tmpfs" ino=10956 | ||
10 | scontext=system_u:system_r:ntpd_t:s0-s15:c0.c1023 | ||
11 | tcontext=system_u:object_r:syslogd_runtime_t:s15:c0.c1023 tclass=dir | ||
12 | permissive=0 | ||
13 | avc: denied { read } for pid=193 comm="systemd-timesyn" name="dbus" | ||
14 | dev="tmpfs" ino=13971 scontext=system_u:system_r:ntpd_t:s0-s15:c0.c1023 | ||
15 | tcontext=system_u:object_r:system_dbusd_runtime_t:s0 tclass=dir | ||
16 | permissive=0 | ||
17 | |||
18 | Upstream-Status: Inappropriate [embedded specific] | ||
19 | |||
20 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
21 | --- | ||
22 | policy/modules/services/ntp.te | 2 ++ | ||
23 | 1 file changed, 2 insertions(+) | ||
24 | |||
25 | diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te | ||
26 | index 75603e16b..8886cb3bf 100644 | ||
27 | --- a/policy/modules/services/ntp.te | ||
28 | +++ b/policy/modules/services/ntp.te | ||
29 | @@ -138,6 +138,8 @@ miscfiles_read_localization(ntpd_t) | ||
30 | userdom_dontaudit_use_unpriv_user_fds(ntpd_t) | ||
31 | userdom_list_user_home_dirs(ntpd_t) | ||
32 | |||
33 | +mls_file_read_all_levels(ntpd_t) | ||
34 | + | ||
35 | ifdef(`init_systemd',` | ||
36 | allow ntpd_t ntpd_unit_t:file read_file_perms; | ||
37 | |||
38 | -- | ||
39 | 2.17.1 | ||
40 | |||