1 files changed, 0 insertions, 38 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0088-policy-modules-services-bind-make-named_t-domain-MLS.patch b/recipes-security/refpolicy/refpolicy/0088-policy-modules-services-bind-make-named_t-domain-MLS.patch
deleted file mode 100644
index 5be48df..0000000
--- a/recipes-security/refpolicy/refpolicy/0088-policy-modules-services-bind-make-named_t-domain-MLS.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0e93ad162cda033935fbac584787417b97b4bc17 Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Fri, 3 Jul 2020 09:42:21 +0800
-Subject: [PATCH] policy/modules/services/bind: make named_t domain MLS trusted
- for reading from files up to its clearance
-Allow named_t to search /run/systemd/journal
-Fixes:
-avc:  denied  { search } for  pid=295 comm="isc-worker0000"
-name="journal" dev="tmpfs" ino=10990
-scontext=system_u:system_r:named_t:s0-s15:c0.c1023
-tcontext=system_u:object_r:syslogd_runtime_t:s15:c0.c1023 tclass=dir
-permissive=0
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- policy/modules/services/bind.te | 2 ++
- 1 file changed, 2 insertions(+)
-diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
-index bf50763bd..be1813cb9 100644
--- a/policy/modules/services/bind.te
-+++ b/policy/modules/services/bind.te
-@@ -165,6 +165,8 @@ miscfiles_read_generic_tls_privkey(named_t)
- userdom_dontaudit_use_unpriv_user_fds(named_t)
- userdom_dontaudit_search_user_home_dirs(named_t)
- 
-+mls_file_read_to_clearance(named_t)
-+
- tunable_policy(`named_tcp_bind_http_port',`
-        corenet_sendrecv_http_server_packets(named_t)
-        corenet_tcp_bind_http_port(named_t)
-- 
-2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0088-policy-modules-services-bind-make-named_t-domain-MLS.patch b/recipes-security/refpolicy/refpolicy/0088-policy-modules-services-bind-make-named_t-domain-MLS.patch deleted file mode 100644 index 5be48df..0000000 --- a/recipes-security/refpolicy/refpolicy/0088-policy-modules-services-bind-make-named_t-domain-MLS.patch +++ /dev/null
@@ -1,38 +0,0 @@
1	From 0e93ad162cda033935fbac584787417b97b4bc17 Mon Sep 17 00:00:00 2001
2	From: Yi Zhao <yi.zhao@windriver.com>
3	Date: Fri, 3 Jul 2020 09:42:21 +0800
4	Subject: [PATCH] policy/modules/services/bind: make named_t domain MLS trusted
5	for reading from files up to its clearance
6
7	Allow named_t to search /run/systemd/journal
8
9	Fixes:
10	avc: denied { search } for pid=295 comm="isc-worker0000"
11	name="journal" dev="tmpfs" ino=10990
12	scontext=system_u:system_r:named_t:s0-s15:c0.c1023
13	tcontext=system_u:object_r:syslogd_runtime_t:s15:c0.c1023 tclass=dir
14	permissive=0
15
16	Upstream-Status: Inappropriate [embedded specific]
17
18	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
19	---
20	policy/modules/services/bind.te \| 2 ++
21	1 file changed, 2 insertions(+)
22
23	diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
24	index bf50763bd..be1813cb9 100644
25	--- a/policy/modules/services/bind.te
26	+++ b/policy/modules/services/bind.te
27	@@ -165,6 +165,8 @@ miscfiles_read_generic_tls_privkey(named_t)
28	userdom_dontaudit_use_unpriv_user_fds(named_t)
29	userdom_dontaudit_search_user_home_dirs(named_t)
30
31	+mls_file_read_to_clearance(named_t)
32	+
33	tunable_policy(`named_tcp_bind_http_port',`
34	corenet_sendrecv_http_server_packets(named_t)
35	corenet_tcp_bind_http_port(named_t)
36	--
37	2.17.1
38