From 04b40f11a02053b76a93e4e60a6de72035b556d2 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Oct 20 2011 20:12:09 +0000 Subject: Allow systemd_passwd to talk to sock_files in systemd_passwd_var_run_t directories --- diff --git a/policy-systemd-passwd.patch b/policy-systemd-passwd.patch new file mode 100644 index 0000000..6c43a60 --- /dev/null +++ b/policy-systemd-passwd.patch @@ -0,0 +1,12 @@ +diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te +index 1449552..a84b8e7 100644 +--- a/policy/modules/system/systemd.te ++++ b/policy/modules/system/systemd.te +@@ -151,6 +151,7 @@ allow systemd_passwd_agent_t self:unix_dgram_socket create_socket_perms; + + manage_dirs_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t); + manage_files_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t); ++manage_sock_files_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t); + manage_fifo_files_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t); + init_pid_filetrans(systemd_passwd_agent_t, systemd_passwd_var_run_t, { dir fifo_file file }) + diff --git a/selinux-policy.spec b/selinux-policy.spec index e8ddadd..f1578a4 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,11 +17,12 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.10.0 -Release: 45%{?dist} +Release: 45.1%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz patch: policy-F16.patch +patch1: policy-systemd-passwd.patch Source1: modules-targeted.conf Source2: booleans-targeted.conf Source3: Makefile.devel @@ -235,6 +236,7 @@ Based off of reference policy: Checked out revision 2.20091117 %prep %setup -n serefpolicy-%{version} -q %patch -p1 +%patch1 -p1 %install mkdir selinux_config 
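Review bot: The added `manage_sock_files_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t);` line in the systemd.te hunk grants the agent create, rename and unlink on these sock_files, while the commit subject only asks for it to talk to them. If the agent only writes to sockets that another domain creates, the narrower `write_sock_files_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t);` would be enough; if it does create them, a one-line comment above the rule saying so would help the next policy audit. The `init_pid_filetrans(...)` line just below still lists `{ dir fifo_file file }`, so a socket created directly in the pid directory, rather than inside an already-labelled subdirectory, would presumably not receive this type; it is worth confirming that case cannot occur. The surrounding policy block starts and ends outside the hunk, so related socket-class rules may exist that are not visible here.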
@@ -466,6 +468,9 @@ SELinux Reference policy mls base module. %endif %changelog +* Thu Oct 20 2011 Dan Walsh 3.10.0-45.1 +- Allow systemd_passwd to talk to sock_files in systemd_passwd_var_run_t directories + * Thu Oct 20 2011 Miroslav Grepl 3.10.0-45 - Remove tzdata policy