ExtinctFire 提交于 2021-08-28 11:26 +08:00 . add avc for systemd selinux page
From 1a6889def34747b606f4e520fbff72fe86f90b0f Mon Sep 17 00:00:00 2001
From: lujie42 <572084868@qq.com>
Date: Tue, 24 Aug 2021 15:38:40 +0800
Subject: [PATCH] add avc for systemd no17479
Signed-off-by: lujie42 <572084868@qq.com>
---
policy/modules/kernel/domain.te | 4 ++--
policy/modules/kernel/selinux.if | 2 +-
policy/modules/system/logging.te | 1 +
policy/modules/system/systemd.if | 7 ++++---
policy/modules/system/systemd.te | 3 +++
5 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index 8e52b17..27b112c 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -510,7 +510,7 @@ optional_policy(`
')
optional_policy(`
- systemd_dbus_chat_resolved(domain)
+ systemd_chat_resolved(domain)
systemd_login_status(unconfined_domain_type)
systemd_login_reboot(unconfined_domain_type)
systemd_login_halt(unconfined_domain_type)
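Review bot: Calling the renamed interface with the `domain` attribute on line 34 now conveys `unix_stream_socket connectto` on systemd_resolved_t to every domain, because the systemd.if hunk widens `systemd_chat_resolved` beyond the dbus send_msg the old call granted. If the varlink path is only needed by particular resolver clients, calling the widened interface from those domains and keeping a dbus-only grant here would keep the system-wide surface where it was; otherwise a one-line comment stating that the whole-system grant is intended would help later reviewers. The enclosing optional_policy block begins before the hunk.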
@@ -519,7 +519,7 @@ optional_policy(`
systemd_filetrans_named_content(named_filetrans_domain)
systemd_filetrans_named_hostname(named_filetrans_domain)
systemd_filetrans_home_content(named_filetrans_domain)
- systemd_dontaudit_write_inherited_logind_sessions_pipes(domain)
+ systemd_dontaudit_write_inherited_logind_sessions_pipes(domain)
')
optional_policy(`
diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index ac70efb..a2ab3fc 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -324,7 +324,7 @@ interface(`selinux_get_enforce_mode',`
dev_search_sysfs($1)
selinux_get_fs_mount($1)
allow $1 security_t:dir list_dir_perms;
- allow $1 security_t:file read_file_perms;
+ allow $1 security_t:file mmap_read_file_perms;
allow $1 security_t:lnk_file read_lnk_file_perms;
')
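Review bot: Switching to `mmap_read_file_perms` on line 55 grants `map` on security_t files to every existing caller of `selinux_get_enforce_mode`, not just the systemd domain that hit the denial, and neither the hunk nor the commit message records why map is needed. A comment above the rule such as `# map needed by callers that mmap selinuxfs files` would preserve the reason, or the interface could stay read-only with the map permission granted through a narrower interface for the domain that needs it. The interface body starts before the hunk.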
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index df4e985..482fe6d 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -622,6 +622,7 @@ term_write_unallocated_ttys(syslogd_t)
term_use_generic_ptys(syslogd_t)
init_stream_connect(syslogd_t)
+init_read_pid_files(syslogd_t)
# for sending messages to logged in users
init_read_utmp(syslogd_t)
init_dontaudit_write_utmp(syslogd_t)
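Review bot: The new `init_read_pid_files(syslogd_t)` on line 65 has no comment while the neighbouring rules do (`# for sending messages to logged in users`), so the reason syslogd now reads init pid files is lost once the denial is forgotten. A short why-comment above it, e.g. `# for reading init pid files (AVC no17479)`, would match the surrounding style.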
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 514bbd7..6503c87 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -2345,8 +2345,8 @@ interface(`systemd_map_resolved_exec_files',`
########################################
## <summary>
-## Send and receive messages from
-## systemd resolved over dbus.
+## Exchange messages with
+## systemd resolved over dbus or varlink.
## </summary>
## <param name="domain">
## <summary>
@@ -2354,13 +2354,14 @@ interface(`systemd_map_resolved_exec_files',`
## </summary>
## </param>
#
-interface(`systemd_dbus_chat_resolved',`
+interface(`systemd_chat_resolved',`
gen_require(`
type systemd_resolved_t;
class dbus send_msg;
')
allow $1 systemd_resolved_t:dbus send_msg;
+ allow $1 systemd_resolved_t:unix_stream_socket connectto;
allow systemd_resolved_t $1:dbus send_msg;
ps_process_pattern(systemd_resolved_t, $1)
')
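Review bot: The added `allow $1 systemd_resolved_t:unix_stream_socket connectto;` on line 94 is not sufficient for a client to connect: connecting to a unix socket also needs `search` on the socket's directory and `write` on the sock_file, and the systemd.te hunk adding `manage_sock_files_pattern` for systemd_resolved_var_run_t suggests the varlink socket lives there, a type this interface never touches. The usual refpolicy form is `stream_connect_pattern($1, systemd_resolved_var_run_t, systemd_resolved_var_run_t, systemd_resolved_t)` with `type systemd_resolved_var_run_t;` added to the gen_require block. Renaming `systemd_dbus_chat_resolved` to `systemd_chat_resolved` without a compatibility interface also breaks any out-of-tree module that still calls the old name; refpolicy convention is to keep the old interface as a deprecated wrapper that emits a refpolicywarn and calls the new one. The interface header is in the preceding hunk.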
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 1e96c31..7849d51 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -13,6 +13,7 @@ attribute systemd_private_tmp_type;
attribute systemd_read_efivarfs_type;
fs_read_efivarfs_files(systemd_read_efivarfs_type)
+read_files_pattern(systemd_read_efivarfs_type, init_var_run_t, init_var_run_t)
systemd_domain_template(systemd_logger)
systemd_domain_template(systemd_logind)
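Review bot: Line 105 grants read on init_var_run_t to every domain carrying systemd_read_efivarfs_type, an attribute whose name and existing rule on line 104 describe efivarfs access only, so the attribute no longer means what its name says. It also references init_var_run_t directly through a raw pattern rather than the init module's interface, while the logging.te hunk in the same patch uses `init_read_pid_files(syslogd_t)`; `init_read_pid_files(systemd_read_efivarfs_type)` would be consistent and avoids depending on a type declared in another module, which a modular build may reject unless it is required. If only some of those domains need the pid-file read, a dedicated attribute or per-domain calls would keep the grant narrow.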
@@ -501,6 +502,7 @@ corenet_tcp_bind_dhcpd_port(systemd_networkd_t)
corenet_udp_bind_dhcpd_port(systemd_networkd_t)
fs_read_xenfs_files(systemd_networkd_t)
+fs_read_nsfs_files(systemd_networkd_t)
dev_read_sysfs(systemd_networkd_t)
dev_write_kmsg(systemd_networkd_t)
@@ -1066,6 +1068,7 @@ allow systemd_resolved_t self:unix_dgram_socket create_socket_perms;
manage_dirs_pattern(systemd_resolved_t, systemd_resolved_var_run_t, systemd_resolved_var_run_t)
manage_files_pattern(systemd_resolved_t, systemd_resolved_var_run_t, systemd_resolved_var_run_t)
+manage_sock_files_pattern(systemd_resolved_t, systemd_resolved_var_run_t, systemd_resolved_var_run_t)
manage_lnk_files_pattern(systemd_resolved_t, systemd_resolved_var_run_t, systemd_resolved_var_run_t)
init_pid_filetrans(systemd_resolved_t, systemd_resolved_var_run_t, dir)
--
1.8.3.1