diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch b/recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch deleted file mode 100644 index 7adaea0..0000000 --- a/recipes-security/refpolicy/refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch +++ /dev/null | |||
@@ -1,36 +0,0 @@ | |||
1 | From 58cdf21546b973b458a26ea4b3a523275a80aca5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yi Zhao <yi.zhao@windriver.com> | ||
3 | Date: Thu, 30 May 2019 08:30:06 +0800 | ||
4 | Subject: [PATCH] policy/modules/services/rpc: make rpcd_t MLS trusted for | ||
5 | reading from files up to its clearance | ||
6 | |||
7 | Fixes: | ||
8 | type=AVC msg=audit(1559176077.169:242): avc: denied { search } for | ||
9 | pid=374 comm="rpc.statd" name="journal" dev="tmpfs" ino=9854 | ||
10 | scontext=system_u:system_r:rpcd_t:s0-s15:c0.c1023 | ||
11 | tcontext=system_u:object_r:syslogd_var_run_t:s15:c0.c1023 tclass=dir | ||
12 | permissive=0 | ||
13 | |||
14 | Upstream-Status: Inappropriate [embedded specific] | ||
15 | |||
16 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
17 | --- | ||
18 | policy/modules/services/rpc.te | 2 ++ | ||
19 | 1 file changed, 2 insertions(+) | ||
20 | |||
21 | diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te | ||
22 | index 9618df04e..84caefbbb 100644 | ||
23 | --- a/policy/modules/services/rpc.te | ||
24 | +++ b/policy/modules/services/rpc.te | ||
25 | @@ -275,6 +275,8 @@ seutil_dontaudit_search_config(rpcd_t) | ||
26 | |||
27 | userdom_signal_all_users(rpcd_t) | ||
28 | |||
29 | +mls_file_read_to_clearance(rpcd_t) | ||
30 | + | ||
31 | ifdef(`distro_debian',` | ||
32 | term_dontaudit_use_unallocated_ttys(rpcd_t) | ||
33 | ') | ||
34 | -- | ||
35 | 2.17.1 | ||
36 | |||