1 files changed, 0 insertions, 36 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch b/recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch
deleted file mode 100644
index 7adaea0..0000000
--- a/recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 58cdf21546b973b458a26ea4b3a523275a80aca5 Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Thu, 30 May 2019 08:30:06 +0800
-Subject: [PATCH] policy/modules/services/rpc: make rpcd_t MLS trusted for
- reading from files up to its clearance
-Fixes:
-type=AVC msg=audit(1559176077.169:242): avc:  denied  { search } for
-pid=374 comm="rpc.statd" name="journal" dev="tmpfs" ino=9854
-scontext=system_u:system_r:rpcd_t:s0-s15:c0.c1023
-tcontext=system_u:object_r:syslogd_var_run_t:s15:c0.c1023 tclass=dir
-permissive=0
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- policy/modules/services/rpc.te | 2 ++
- 1 file changed, 2 insertions(+)
-diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
-index 9618df04e..84caefbbb 100644
--- a/policy/modules/services/rpc.te
-+++ b/policy/modules/services/rpc.te
-@@ -275,6 +275,8 @@ seutil_dontaudit_search_config(rpcd_t)
- 
- userdom_signal_all_users(rpcd_t)
- 
-+mls_file_read_to_clearance(rpcd_t)
-+
- ifdef(`distro_debian',`
-        term_dontaudit_use_unallocated_ttys(rpcd_t)
- ')
-- 
-2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch b/recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch deleted file mode 100644 index 7adaea0..0000000 --- a/recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch +++ /dev/null
@@ -1,36 +0,0 @@
1	From 58cdf21546b973b458a26ea4b3a523275a80aca5 Mon Sep 17 00:00:00 2001
2	From: Yi Zhao <yi.zhao@windriver.com>
3	Date: Thu, 30 May 2019 08:30:06 +0800
4	Subject: [PATCH] policy/modules/services/rpc: make rpcd_t MLS trusted for
5	reading from files up to its clearance
6
7	Fixes:
8	type=AVC msg=audit(1559176077.169:242): avc: denied { search } for
9	pid=374 comm="rpc.statd" name="journal" dev="tmpfs" ino=9854
10	scontext=system_u:system_r:rpcd_t:s0-s15:c0.c1023
11	tcontext=system_u:object_r:syslogd_var_run_t:s15:c0.c1023 tclass=dir
12	permissive=0
13
14	Upstream-Status: Inappropriate [embedded specific]
15
16	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
17	---
18	policy/modules/services/rpc.te \| 2 ++
19	1 file changed, 2 insertions(+)
20
21	diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
22	index 9618df04e..84caefbbb 100644
23	--- a/policy/modules/services/rpc.te
24	+++ b/policy/modules/services/rpc.te
25	@@ -275,6 +275,8 @@ seutil_dontaudit_search_config(rpcd_t)
26
27	userdom_signal_all_users(rpcd_t)
28
29	+mls_file_read_to_clearance(rpcd_t)
30	+
31	ifdef(`distro_debian',`
32	term_dontaudit_use_unallocated_ttys(rpcd_t)
33	')
34	--
35	2.17.1
36