rpms / selinux-policy

Clone
Source Code
GIT

Blame grub.patch

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   770036a50787874f3469f44b5f7152eeb0b10aa3
  2.   grub.patch
Blob History Raw
Miroslav 1b20a5 
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
Miroslav 1b20a5 
index 7a6f06f..e117271 100644
Miroslav 1b20a5 
--- a/policy/modules/admin/bootloader.fc
Miroslav 1b20a5 
+++ b/policy/modules/admin/bootloader.fc
Miroslav 1b20a5 
@@ -1,9 +1,11 @@
Miroslav 1b20a5 
-
Miroslav 1b20a5 
+/etc/default/grub	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
Miroslav 1b20a5 
 /etc/lilo\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
Miroslav 1b20a5 
 /etc/yaboot\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
Miroslav 1b20a5
Miroslav 1b20a5 
-/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
Miroslav 1b20a5 
+/sbin/grub.*	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
Miroslav 1b20a5 
+/sbin/installkernel	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
Miroslav 1b20a5 
 /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
Miroslav 1b20a5 
+/sbin/new-kernel-pkg	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
Miroslav 1b20a5 
 /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
Miroslav 1b20a5
Miroslav 1b20a5 
 /usr/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
Miroslav 1b20a5 
diff --git a/policy/modules/admin/permissivedomains.te b/policy/modules/admin/permissivedomains.te
Miroslav 1b20a5 
index f95087c..e7d705e 100644
Miroslav 1b20a5 
--- a/policy/modules/admin/permissivedomains.te
Miroslav 1b20a5 
+++ b/policy/modules/admin/permissivedomains.te
Miroslav 1b20a5 
@@ -2,6 +2,14 @@
Miroslav 1b20a5
Miroslav 1b20a5 
 optional_policy(`
Miroslav 1b20a5 
       gen_require(`
Miroslav 1b20a5 
+             type bootloader_t;
Miroslav 1b20a5 
+      ')
Miroslav 1b20a5 
+
Miroslav 1b20a5 
+      permissive bootloader_t;
Miroslav 1b20a5 
+')
Miroslav 1b20a5 
+
Miroslav 1b20a5 
+optional_policy(`
Miroslav 1b20a5 
+      gen_require(`
Miroslav 1b20a5 
              type systemd_logger_t;
Miroslav 1b20a5 
       ')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation