forked from pool/selinux-policy
80bdcc2619
- Update fix_systemd.patch to add sys_admin systemd_gpt_generator_t (bsc#1200911) - postfix: Label PID files and some helpers correctly (bsc#1197242) - Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984) OBS-URL: https://build.opensuse.org/request/show/988924 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=134
36 lines
1.0 KiB
Diff
36 lines
1.0 KiB
Diff
Index: fedora-policy-20220624/policy/modules/system/systemd.te
|
|
===================================================================
|
|
--- fedora-policy-20220624.orig/policy/modules/system/systemd.te
|
|
+++ fedora-policy-20220624/policy/modules/system/systemd.te
|
|
@@ -355,6 +355,10 @@ userdom_manage_user_tmp_chr_files(system
|
|
xserver_dbus_chat(systemd_logind_t)
|
|
|
|
optional_policy(`
|
|
+ packagekit_dbus_chat(systemd_logind_t)
|
|
+')
|
|
+
|
|
+optional_policy(`
|
|
apache_read_tmp_files(systemd_logind_t)
|
|
')
|
|
|
|
@@ -882,6 +886,10 @@ optional_policy(`
|
|
udev_read_pid_files(systemd_hostnamed_t)
|
|
')
|
|
|
|
+optional_policy(`
|
|
+ nscd_unconfined(systemd_hostnamed_t)
|
|
+')
|
|
+
|
|
#######################################
|
|
#
|
|
# rfkill policy
|
|
@@ -1105,7 +1113,7 @@ systemd_read_efivarfs(systemd_hwdb_t)
|
|
# systemd_gpt_generator domain
|
|
#
|
|
|
|
-allow systemd_gpt_generator_t self:capability sys_rawio;
|
|
+allow systemd_gpt_generator_t self:capability { sys_rawio sys_admin};
|
|
allow systemd_gpt_generator_t self:netlink_kobject_uevent_socket create_socket_perms;
|
|
|
|
dev_read_sysfs(systemd_gpt_generator_t)
|