rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon Jun 19 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-260 

- Allow sssd_t to read realmd lib files.
- Fix init interface file. init_var_run_t is type not attribute
This commit is contained in:
Lukas Vrabec 2017-06-19 16:52:54 +02:00
parent fa95f253bf
commit 8c093f225c
4 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
container-selinux.tgz
View File

Binary file not shown.

6
policy-rawhide-base.patch
View File

@ -34324,7 +34324,7 @@ index bc0ffc8..37b8ea5 100644
')
+/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 79a45f6..2dad865 100644
index 79a45f6..054b9f7 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1,5 +1,21 @@
@ -35160,7 +35160,7 @@ index 79a45f6..2dad865 100644
+#
+interface(`init_config_transient_files',`
+ gen_require(`
+ attribute init_var_run_t;
+ type init_var_run_t;
+ ')
+
+ allow $1 init_var_run_t:service all_service_perms;
@ -35179,7 +35179,7 @@ index 79a45f6..2dad865 100644
+#
+interface(`init_manage_config_transient_files',`
+ gen_require(`
+ attribute init_var_run_t;
+ type init_var_run_t;
+ ')
+
+ allow $1 init_var_run_t:service manage_service_perms;

12
policy-rawhide-contrib.patch
View File

@ -106450,7 +106450,7 @@ index a240455..aac2584 100644
- admin_pattern($1, sssd_log_t)
')
diff --git a/sssd.te b/sssd.te
index 2d8db1f..07606ba 100644
index 2d8db1f..9b13b30 100644
--- a/sssd.te
+++ b/sssd.te
@@ -28,19 +28,31 @@ logging_log_file(sssd_var_log_t)
@ -106571,7 +106571,7 @@ index 2d8db1f..07606ba 100644
init_read_utmp(sssd_t)
@@ -112,18 +132,67 @@ logging_send_syslog_msg(sssd_t)
@@ -112,18 +132,71 @@ logging_send_syslog_msg(sssd_t)
logging_send_audit_msgs(sssd_t)
miscfiles_read_generic_certs(sssd_t)
@ -106599,7 +106599,7 @@ index 2d8db1f..07606ba 100644
+ kerberos_read_home_content(sssd_t)
+ kerberos_rw_config(sssd_t)
+ kerberos_rw_keytab(sssd_t)
+')
')
+
+optional_policy(`
+ dirsrv_stream_connect(sssd_t)
@ -106617,7 +106617,11 @@ index 2d8db1f..07606ba 100644
+
+optional_policy(`
+ systemd_login_read_pid_files(sssd_t)
')
+')
+
+optional_policy(`
+ realmd_read_var_lib(sssd_t)
+')
+
+########################################
+#

6
selinux-policy.spec
View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
Release: 259%{?dist}
Release: 260%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -689,6 +689,10 @@ exit 0
%endif
%changelog
* Mon Jun 19 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-260
- Allow sssd_t to read realmd lib files.
- Fix init interface file. init_var_run_t is type not attribute
* Mon Jun 19 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-258
- Allow rpcbind_t to execute systemd_tmpfiles_exec_t binary files.
- Merge branch 'rawhide' of github.com:wrabcak/selinux-policy-contrib into rawhide