diff --git a/allow-systemd_machined_t-delete-userdbd-runtime-sock.patch b/allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cd964b836a713aedd29ffa6da328b59ed3a4c7ff
--- /dev/null
+++ b/allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
@@ -0,0 +1,25 @@
+From 99e2285e42bb9d06dbf1322b2990ccee974e1c92 Mon Sep 17 00:00:00 2001
+From: HuaxinLuGitee <1539327763@qq.com>
+Date: Thu, 17 Sep 2020 14:27:25 +0800
+Subject: [PATCH] allow systemd_machined_t delete userdbd runtime sock file
+
+---
+ policy/modules/system/systemd.te | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index 7cb36c4..d0127f6 100644
+--- a/policy/modules/system/systemd.te
++++ b/policy/modules/system/systemd.te
+@@ -189,6 +189,8 @@ systemd_unit_file(systemd_userdbd_unit_file_t)
+ type systemd_userdbd_runtime_t;
+ files_pid_file(systemd_userdbd_runtime_t)
+
++delete_sock_files_pattern(systemd_machined_t, systemd_userdbd_runtime_t, systemd_userdbd_runtime_t)
++
+ #######################################
+ #
+ # Systemd_logind local policy
+--
+1.8.3.1
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2a76bb16bb4da8c21fe98e40f792d3b46aa65171..defb46d4016f33ff3769d2b88f43fc6206616c58 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 58
+Release: 59
 License: GPLv2+
 URL: https://github.com/fedora-selinux/selinux-policy/
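Review bot: In allow-systemd_machined_t-delete-userdbd-runtime-sock.patch, the added `delete_sock_files_pattern(systemd_machined_t, systemd_userdbd_runtime_t, systemd_userdbd_runtime_t)` sits in the systemd_userdbd type-declaration block, directly above the "Systemd_logind local policy" banner. It is not in a systemd_machined local-policy section (none is visible in this hunk), so anyone auditing what machined is allowed to do is unlikely to find it. Because the socket and its directory both carry the generic `systemd_userdbd_runtime_t` label, the rule appears to let machined unlink any sock_file with that label, not only the one it created. If that is wider than intended, a dedicated type for machined's socket would keep the grant minimal. The commit message records no AVC denial either, so I would move the rule and add a comment such as `# systemd-machined removes the sock file it created in the userdbd runtime dir; AVC: <denial from audit log>`.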
@@ -65,6 +65,7 @@ Patch12: add-avc-for-systemd.patch
 Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch
 Patch14: add_userman_access_run_dir.patch
 Patch15: allow-systemd-machined-create-userdbd-runtime-sock-file.patch
+Patch16: allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -730,7 +731,10 @@ exit 0
 %endif
 %changelog
-* Wed Sep 10 2020 openEuler Buildteam - 3.14.2-58
+* Thu Sep 17 2020 openEuler Buildteam - 3.14.2-59
+- add allow-systemd_machined_t-delete-userdbd-runtime-sock.patch
+
+* Thu Sep 10 2020 openEuler Buildteam - 3.14.2-58
 - add allow-systemd-machined-create-userdbd-runtime-sock-file.patch
 * Fri Aug 28 2020 openEuler Buildteam - 3.14.2-57