* Mon Jun 19 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-260
- Allow sssd_t to read realmd lib files. - Fix init interface file. init_var_run_t is type not attribute
parent
fa95f253bf
commit
8c093f225c
Binary file not shown.
@ -34324,7 +34324,7 @@ index bc0ffc8..37b8ea5 100644
|
|||||||
')
|
')
|
||||||
+/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0)
|
+/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0)
|
||||||
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
|
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
|
||||||
index 79a45f6..2dad865 100644
|
index 79a45f6..054b9f7 100644
|
||||||
--- a/policy/modules/system/init.if
|
--- a/policy/modules/system/init.if
|
||||||
+++ b/policy/modules/system/init.if
|
+++ b/policy/modules/system/init.if
|
||||||
@@ -1,5 +1,21 @@
|
@@ -1,5 +1,21 @@
|
||||||
@ -35160,7 +35160,7 @@ index 79a45f6..2dad865 100644
|
|||||||
+#
|
+#
|
||||||
+interface(`init_config_transient_files',`
|
+interface(`init_config_transient_files',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ attribute init_var_run_t;
|
+ type init_var_run_t;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ allow $1 init_var_run_t:service all_service_perms;
|
+ allow $1 init_var_run_t:service all_service_perms;
|
||||||
@ -35179,7 +35179,7 @@ index 79a45f6..2dad865 100644
|
|||||||
+#
|
+#
|
||||||
+interface(`init_manage_config_transient_files',`
|
+interface(`init_manage_config_transient_files',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ attribute init_var_run_t;
|
+ type init_var_run_t;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ allow $1 init_var_run_t:service manage_service_perms;
|
+ allow $1 init_var_run_t:service manage_service_perms;
|
||||||
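Review bot: The corrected `type init_var_run_t;` requirement in `init_config_transient_files` sits in front of `allow $1 init_var_run_t:service all_service_perms;`, which is the broadest service permission set and is not what an interface named for transient config files suggests. It is worth confirming that callers need more than the `manage_service_perms` granted by `init_manage_config_transient_files`, and stating the difference in the two interface summaries. The same attribute-to-type correction is made in that second interface further down. Both interface bodies start and end outside the visible hunks, so any other `gen_require` block in init.if that names `init_var_run_t` should be checked for the same wrong declaration.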
|
@ -106450,7 +106450,7 @@ index a240455..aac2584 100644
|
|||||||
- admin_pattern($1, sssd_log_t)
|
- admin_pattern($1, sssd_log_t)
|
||||||
')
|
')
|
||||||
diff --git a/sssd.te b/sssd.te
|
diff --git a/sssd.te b/sssd.te
|
||||||
index 2d8db1f..07606ba 100644
|
index 2d8db1f..9b13b30 100644
|
||||||
--- a/sssd.te
|
--- a/sssd.te
|
||||||
+++ b/sssd.te
|
+++ b/sssd.te
|
||||||
@@ -28,19 +28,31 @@ logging_log_file(sssd_var_log_t)
|
@@ -28,19 +28,31 @@ logging_log_file(sssd_var_log_t)
|
||||||
@ -106571,7 +106571,7 @@ index 2d8db1f..07606ba 100644
|
|||||||
|
|
||||||
init_read_utmp(sssd_t)
|
init_read_utmp(sssd_t)
|
||||||
|
|
||||||
@@ -112,18 +132,67 @@ logging_send_syslog_msg(sssd_t)
|
@@ -112,18 +132,71 @@ logging_send_syslog_msg(sssd_t)
|
||||||
logging_send_audit_msgs(sssd_t)
|
logging_send_audit_msgs(sssd_t)
|
||||||
|
|
||||||
miscfiles_read_generic_certs(sssd_t)
|
miscfiles_read_generic_certs(sssd_t)
|
||||||
@ -106599,7 +106599,7 @@ index 2d8db1f..07606ba 100644
|
|||||||
+ kerberos_read_home_content(sssd_t)
|
+ kerberos_read_home_content(sssd_t)
|
||||||
+ kerberos_rw_config(sssd_t)
|
+ kerberos_rw_config(sssd_t)
|
||||||
+ kerberos_rw_keytab(sssd_t)
|
+ kerberos_rw_keytab(sssd_t)
|
||||||
+')
|
')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ dirsrv_stream_connect(sssd_t)
|
+ dirsrv_stream_connect(sssd_t)
|
||||||
@ -106617,7 +106617,11 @@ index 2d8db1f..07606ba 100644
|
|||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ systemd_login_read_pid_files(sssd_t)
|
+ systemd_login_read_pid_files(sssd_t)
|
||||||
')
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
+ realmd_read_var_lib(sssd_t)
|
||||||
|
+')
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+#
|
+#
|
||||||
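Review bot: The new `optional_policy` block calling `realmd_read_var_lib(sssd_t)` has no comment or bug reference saying which sssd operation needs realmd's lib files, so a later least-privilege audit cannot tell whether the grant is still required. I would add a one-line comment above the block, for example `# sssd reads realmd state files; see <BUG-ID placeholder>`, and carry the same reference in the changelog entry. The definition of `realmd_read_var_lib` is not visible on this page, so it should be confirmed that it grants read-only access to realmd's lib type and nothing wider.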
|
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.13.1
|
Version: 3.13.1
|
||||||
Release: 259%{?dist}
|
Release: 260%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -689,6 +689,10 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 19 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-260
|
||||||
|
- Allow sssd_t to read realmd lib files.
|
||||||
|
- Fix init interface file. init_var_run_t is type not attribute
|
||||||
|
|
||||||
* Mon Jun 19 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-258
|
* Mon Jun 19 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-258
|
||||||
- Allow rpcbind_t to execute systemd_tmpfiles_exec_t binary files.
|
- Allow rpcbind_t to execute systemd_tmpfiles_exec_t binary files.
|
||||||
- Merge branch 'rawhide' of github.com:wrabcak/selinux-policy-contrib into rawhide
|
- Merge branch 'rawhide' of github.com:wrabcak/selinux-policy-contrib into rawhide
|
||||||
|