SHA256
1
0
forked from cockpit/cockpit
cockpit/0001-selinux-allow-login-to-read-motd-file.patch

23 lines
581 B
Diff
Raw Normal View History

commit fc0e3304732a9aaff1487833342d5fc8ea26ce04
Author: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Fri Aug 6 15:11:23 2021 +0200
selinux: allow login to read motd file
diff --git a/selinux/cockpit.te b/selinux/cockpit.te
index 73242aaa1..72db3c1dc 100644
--- a/selinux/cockpit.te
+++ b/selinux/cockpit.te
@@ -181,3 +181,11 @@ optional_policy(`
optional_policy(`
unconfined_domtrans(cockpit_session_t)
')
+
+# login may read motd file through pam
+optional_policy(`
+ gen_require(`
+ type local_login_t;
+ ')
+ cockpit_read_pid_files(local_login_t)
+')