forked from pool/selinux-policy
80bdcc2619
- Update fix_systemd.patch to add sys_admin systemd_gpt_generator_t (bsc#1200911) - postfix: Label PID files and some helpers correctly (bsc#1197242) - Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984) OBS-URL: https://build.opensuse.org/request/show/988924 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=134
13 lines
655 B
Diff
13 lines
655 B
Diff
Index: fedora-policy-20220624/policy/modules/system/userdomain.if
|
|
===================================================================
|
|
--- fedora-policy-20220624.orig/policy/modules/system/userdomain.if
|
|
+++ fedora-policy-20220624/policy/modules/system/userdomain.if
|
|
@@ -1497,6 +1497,7 @@ tunable_policy(`deny_bluetooth',`',`
|
|
|
|
# port access is audited even if dac would not have allowed it, so dontaudit it here
|
|
# corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
|
|
+ corenet_dontaudit_udp_bind_all_rpc_ports($1_t)
|
|
# Need the following rule to allow users to run vpnc
|
|
corenet_tcp_bind_xserver_port($1_t)
|
|
corenet_tcp_bind_generic_node($1_usertype)
|