
ExtinctFire/selinux-policy

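This repository does not declare an open-source license file (LICENSE); before use, check the project description and its upstream code dependencies.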
add-allow-to-be-access-to-sssd-dir-and-file.patch 2.57 KB
guoxiaoqi committed on 2020-03-17 18:02 +08:00 . fix upgrade error
From e4184b665f1ca1f86fb7554095a73a71ad4a46ef Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Tue, 25 Feb 2020 18:30:13 +0800
Subject: [PATCH] add allow to be access to sssd dir and file
Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
policy/modules/admin/usermanage.te | 8 +++++
policy/modules/contrib/sssd.if | 72 ++++++++++++++++++++++++++++++++++++++
2 files changed, 80 insertions(+)
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 43fed66..c8580a7 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -663,3 +663,11 @@ optional_policy(`
optional_policy(`
stapserver_manage_lib(useradd_t)
')
+# avc for openEuler
+#sssd_var_lib_dir(groupadd_t)
+optional_policy(`
+ sssd_var_lib_map_file(groupadd_t)
+ sssd_var_lib_write_file(groupadd_t)
+ sssd_var_lib_map_file(useradd_t)
+ sssd_var_lib_write_file(useradd_t)
+')
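Review bot: the commented-out call "#sssd_var_lib_dir(groupadd_t)" under "# avc for openEuler" should be either enabled or deleted, and the comment should quote the AVC denial (source domain, target type, class, permission) that each rule answers, since nothing here records why groupadd_t and useradd_t need these permissions. As written, both domains receive write and map on sssd_var_lib_t files for every file carrying that type; if the denial concerned one specific file, a narrower grant would be easier to audit. The new block is also appended directly after the closing "')" of the stapserver block with no blank line, unlike the spacing between the other optional_policy blocks.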
diff --git a/policy/modules/contrib/sssd.if b/policy/modules/contrib/sssd.if
index 50eee3f..1b61ccd 100644
--- a/policy/modules/contrib/sssd.if
+++ b/policy/modules/contrib/sssd.if
@@ -576,3 +576,75 @@ interface(`sssd_admin',`
allow $1 sssd_unit_file_t:service all_service_perms;
')
+
+########################################
+## <summary>
+## Allow to be access to sssd lib dir.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to allow.
+## </summary>
+## </param>
+#
+interface(`sssd_var_lib_dir',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:dir { add_name write };
+')
+
+########################################
+## <summary>
+## Allow to map sssd lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to allow.
+## </summary>
+## </param>
+#
+interface(`sssd_var_lib_map_file',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:file map;
+')
+
+########################################
+## <summary>
+## Allow to write sssd lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to allow.
+## </summary>
+## </param>
+#
+interface(`sssd_var_lib_write_file',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:file write;
+')
+
+########################################
+## <summary>
+## Allow to create sssd lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to allow.
+## </summary>
+## </param>
+#
+interface(`sssd_var_lib_create_file',`
+gen_require(`
+type sssd_var_lib_t;
+')
+
+allow $1 sssd_var_lib_t:file create;
+')
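Review bot: two of the four new interfaces have no caller in this patch: sssd_var_lib_dir is only referenced from a commented-out line in usermanage.te and sssd_var_lib_create_file is not referenced at all, so the dir { add_name write } and file create rules are unused surface that should be dropped until a caller needs them. The summaries also need rewording: "Allow to be access to sssd lib dir." does not say which permissions are granted, and "Domain to allow." should read "Domain allowed access." or similar. The names put the object before the action (sssd_var_lib_map_file), whereas the visible neighbour stapserver_manage_lib puts the verb first; a form such as sssd_map_lib_files would match. Finally, write and map are granted without read or open in the same interfaces, so state in each summary that the caller is expected to obtain those elsewhere.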
--
1.8.3.1