selinux-policy/fix_mcelog.patch

Index: fedora-policy/policy/modules/contrib/mcelog.te
===================================================================
--- fedora-policy.orig/policy/modules/contrib/mcelog.te
+++ fedora-policy/policy/modules/contrib/mcelog.te
@@ -58,7 +58,7 @@ files_pid_file(mcelog_var_run_t)
 # Local policy
 #
 
-allow mcelog_t self:capability sys_admin;
+allow mcelog_t self:capability { sys_admin setgid };
 allow mcelog_t self:unix_stream_socket connected_socket_perms;
 
 allow mcelog_t mcelog_etc_t:dir list_dir_perms;
Accepting request 785956 from home:jsegitz:branches:security:SELinux - New patches: * fix_accountsd.patch * fix_automount.patch * fix_colord.patch * fix_mcelog.patch * fix_sslh.patch * fix_nagios.patch * fix_openvpn.patch * fix_cron.patch * fix_usermanage.patch * fix_smartmon.patch * fix_geoclue.patch * suse_specific.patch Default systems should now work without selinuxuser_execmod - Removed xdm_entrypoint_pam.patch, necessary change is in fix_unconfineduser.patch - Enable SUSE specific settings again OBS-URL: https://build.opensuse.org/request/show/785956 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=75 2020-03-17 15:46:20 +01:00			`Index: fedora-policy/policy/modules/contrib/mcelog.te`
			`===================================================================`
			`--- fedora-policy.orig/policy/modules/contrib/mcelog.te`
			`+++ fedora-policy/policy/modules/contrib/mcelog.te`
			`@@ -58,7 +58,7 @@ files_pid_file(mcelog_var_run_t)`
			`# Local policy`
			`#`

			`-allow mcelog_t self:capability sys_admin;`
			`+allow mcelog_t self:capability { sys_admin setgid };`
			`allow mcelog_t self:unix_stream_socket connected_socket_perms;`

			`allow mcelog_t mcelog_etc_t:dir list_dir_perms;`