diff -Naur a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
--- a/policy/modules/kernel/kernel.te	2021-02-22 04:12:28.000000000 -0800
+++ b/policy/modules/kernel/kernel.te	2021-02-26 14:21:22.974162725 -0800
@@ -93,7 +93,6 @@
 type proc_kmsg_t, proc_type;
 fs_associate(proc_kmsg_t)
 genfscon proc /kmsg gen_context(system_u:object_r:proc_kmsg_t,mls_systemhigh)
-neverallow ~{ can_receive_kernel_messages kern_unconfined } proc_kmsg_t:file ~getattr;
 
 # /proc kcore: inaccessible
 type proc_kcore_t, proc_type;
diff -Naur a/policy/modules/system/init.te b/policy/modules/system/init.te
--- a/policy/modules/system/init.te	2021-02-22 04:12:28.000000000 -0800
+++ b/policy/modules/system/init.te	2021-02-26 15:53:09.464114056 -0800
@@ -1920,3 +1920,7 @@
         ccs_read_config(daemon)
     ')
  ')
+
+# systemd 247
+allow init_t kmsg_device_t:chr_file mounton;
+allow init_t proc_kmsg_t:file { getattr mounton };
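Review bot: Only `mounton` in the `proc_kmsg_t:file` rule on the last line of this hunk conflicts with the neverallow that the kernel.te hunk deletes; `getattr` was already exempted by its `~getattr`. Deleting the assertion outright also drops the build-time check that no domain outside `can_receive_kernel_messages` / `kern_unconfined` gains read or open on /proc/kmsg. Narrowing it instead, e.g. `neverallow ~{ can_receive_kernel_messages kern_unconfined } proc_kmsg_t:file ~{ getattr mounton };`, would keep that guard while still permitting the new rule. The `# systemd 247` comment would be more useful if it stated what systemd mounts over these two nodes and why, so the grant can be re-evaluated on later systemd updates.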
diff -Naur a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
--- a/policy/modules/system/systemd.te	2021-02-22 04:12:28.000000000 -0800
+++ b/policy/modules/system/systemd.te	2021-02-26 15:18:43.051196124 -0800
@@ -1232,3 +1232,9 @@
 dev_write_kmsg(systemd_sleep_t)
 
 fstools_rw_swap_files(systemd_sleep_t)
+
+# systemd 247
+allow systemd_logind_t self:netlink_selinux_socket create;
+allow systemd_logind_t self:netlink_selinux_socket bind;
+allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto;
+allow systemd_machined_t init_var_run_t:sock_file create;
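Review bot: The last rule lets `systemd_machined_t` create a `sock_file` that keeps the generic `init_var_run_t` label, so the socket cannot be distinguished from other init runtime sockets. Any domain already allowed to write to `init_var_run_t:sock_file` would be able to reach it. A dedicated machined runtime type assigned through a file type transition would scope access to this one socket; whether such a type and the required directory permissions exist is not visible in this hunk. The two `netlink_selinux_socket` rules can be written as one, `allow systemd_logind_t self:netlink_selinux_socket { create bind };`. As in the init.te hunk, the `# systemd 247` comment should name the systemd behaviour that needs each rule.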