|
|
eb2dbd |
From fb4c274f4857f2d652014b0189abafb1df4b001a Mon Sep 17 00:00:00 2001
|
|
|
eb2dbd |
From: Steve Grubb <sgrubb@redhat.com>
|
|
|
eb2dbd |
Date: Tue, 19 Jul 2022 12:18:18 -0400
|
|
|
eb2dbd |
Subject: [PATCH] Add documentation describing support for user/group names
|
|
|
eb2dbd |
|
|
|
eb2dbd |
---
|
|
|
eb2dbd |
doc/fapolicyd.rules.5 | 6 +++---
|
|
|
eb2dbd |
init/fapolicyd.service | 2 ++
|
|
|
eb2dbd |
2 files changed, 5 insertions(+), 3 deletions(-)
|
|
|
eb2dbd |
|
|
|
eb2dbd |
diff --git a/doc/fapolicyd.rules.5 b/doc/fapolicyd.rules.5
|
|
|
eb2dbd |
index aa77177..3b8ec09 100644
|
|
|
eb2dbd |
--- a/doc/fapolicyd.rules.5
|
|
|
eb2dbd |
+++ b/doc/fapolicyd.rules.5
|
|
|
eb2dbd |
@@ -35,13 +35,13 @@ The subject is the process that is performing actions on system resources. The f
|
|
|
eb2dbd |
This matches against any subject. When used, this must be the only subject in the rule.
|
|
|
eb2dbd |
.TP
|
|
|
eb2dbd |
.B auid
|
|
|
eb2dbd |
-This is the login uid that the audit system assigns users when they log in to the system. Daemons have a value of -1.
|
|
|
eb2dbd |
+This is the login uid that the audit system assigns users when they log in to the system. Daemons have a value of -1. The given value may be numeric or the account name.
|
|
|
eb2dbd |
.TP
|
|
|
eb2dbd |
.B uid
|
|
|
eb2dbd |
-This is the user id that the program is running under.
|
|
|
eb2dbd |
+This is the user id that the program is running under. The given value may be numeric or the account name.
|
|
|
eb2dbd |
.TP
|
|
|
eb2dbd |
.B gid
|
|
|
eb2dbd |
-This is the group id that the program is running under.
|
|
|
eb2dbd |
+This is the group id that the program is running under. The given value may be numeric or the group name.
|
|
|
eb2dbd |
.TP
|
|
|
eb2dbd |
.B sessionid
|
|
|
eb2dbd |
This is the numeric session id that the audit system assigns to users when they log in. Daemons have a value of -1.
|
|
|
eb2dbd |
diff --git a/init/fapolicyd.service b/init/fapolicyd.service
|
|
|
eb2dbd |
index 715de98..a5a6a3f 100644
|
|
|
eb2dbd |
--- a/init/fapolicyd.service
|
|
|
eb2dbd |
+++ b/init/fapolicyd.service
|
|
|
eb2dbd |
@@ -11,6 +11,8 @@ PIDFile=/run/fapolicyd.pid
|
|
|
eb2dbd |
ExecStartPre=/usr/sbin/fagenrules
|
|
|
eb2dbd |
ExecStart=/usr/sbin/fapolicyd
|
|
|
eb2dbd |
Restart=on-abnormal
|
|
|
eb2dbd |
+# Uncomment the following line if rules need user/group name lookup
|
|
|
eb2dbd |
+#After=nss-user-lookup.target
|
|
|
eb2dbd |
|
|
|
eb2dbd |
[Install]
|
|
|
eb2dbd |
WantedBy=multi-user.target
|
|
|
eb2dbd |
--
|
|
|
eb2dbd |
2.37.1
|
|
|
eb2dbd |
|