rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Sat Mar 18 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-246 

- Label all files containing hostname substring in /etc/ created by systemd_hostnamed_t as hostname_etc_t. BZ(1433555)
This commit is contained in:
Lukas Vrabec 2017-03-18 16:12:18 +01:00
parent 301836b163
commit b3dccbc4b2
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
container-selinux.tgz
View File

Binary file not shown.

11
policy-rawhide-base.patch
View File

@ -45289,14 +45289,14 @@ index a392fc4..b7497fc 100644
+')
diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
new file mode 100644
index 0000000..db8e9dc
index 0000000..121b422
--- /dev/null
+++ b/policy/modules/system/systemd.fc
@@ -0,0 +1,81 @@
+HOME_DIR/\.local/share/systemd(/.*)? gen_context(system_u:object_r:systemd_home_t,s0)
+/root/\.local/share/systemd(/.*)? gen_context(system_u:object_r:systemd_home_t,s0)
+
+/etc/hostname -- gen_context(system_u:object_r:hostname_etc_t,s0)
+/etc/.*hostname.* -- gen_context(system_u:object_r:hostname_etc_t,s0)
+/etc/machine-info -- gen_context(system_u:object_r:hostname_etc_t,s0)
+/etc/udev/.*hwdb.* -- gen_context(system_u:object_r:systemd_hwdb_etc_t,s0)
+
@ -47185,10 +47185,10 @@ index 0000000..86e3d01
+')
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
new file mode 100644
index 0000000..0100a56
index 0000000..c9d14fd
--- /dev/null
+++ b/policy/modules/system/systemd.te
@@ -0,0 +1,1018 @@
@@ -0,0 +1,1017 @@
+policy_module(systemd, 1.0.0)
+
+#######################################
@ -47888,8 +47888,7 @@ index 0000000..0100a56
+
+manage_files_pattern(systemd_hostnamed_t, hostname_etc_t, hostname_etc_t)
+manage_lnk_files_pattern(systemd_hostnamed_t, hostname_etc_t, hostname_etc_t)
+files_etc_filetrans(systemd_hostnamed_t, hostname_etc_t, file, "hostname" )
+files_etc_filetrans(systemd_hostnamed_t, hostname_etc_t, file, "machine-info" )
+files_etc_filetrans(systemd_hostnamed_t, hostname_etc_t, file)
+
+kernel_dgram_send(systemd_hostnamed_t)
+kernel_read_xen_state(systemd_hostnamed_t)

5
selinux-policy.spec
View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
Release: 245%{?dist}
Release: 246%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -682,6 +682,9 @@ exit 0
%endif
%changelog
* Sat Mar 18 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-246
- Label all files containing hostname substring in /etc/ created by systemd_hostnamed_t as hostname_etc_t. BZ(1433555)
* Fri Mar 17 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-245
- Allow vdagent domain to getattr cgroup filesystem
- Allow abrt_dump_oops_t stream connect to sssd_t domain