diff --git a/add-allow-to-be-access-to-sssd-dir-and-file.patch b/add-allow-to-be-access-to-sssd-dir-and-file.patch
deleted file mode 100644
index 80611ab696d29e6728cd25e411c51775f5b04364..0000000000000000000000000000000000000000
--- a/add-allow-to-be-access-to-sssd-dir-and-file.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From e4184b665f1ca1f86fb7554095a73a71ad4a46ef Mon Sep 17 00:00:00 2001
-From: guoxiaoqi
-Date: Tue, 25 Feb 2020 18:30:13 +0800
-Subject: [PATCH] add allow to be access to sssd dir and file
-
-Signed-off-by: guoxiaoqi
----
- policy/modules/admin/usermanage.te | 8 +++++
- policy/modules/contrib/sssd.if | 72 ++++++++++++++++++++++++++++++++++++++
- 2 files changed, 80 insertions(+)
-
-diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
-index 43fed66..c8580a7 100644
---- a/policy/modules/admin/usermanage.te
-+++ b/policy/modules/admin/usermanage.te
-@@ -663,3 +663,11 @@ optional_policy(`
- optional_policy(`
- stapserver_manage_lib(useradd_t)
- ')
-+
-+# avc for openEuler
-+sssd_var_lib_dir(groupadd_t)
-+sssd_var_lib_map_file(groupadd_t)
-+sssd_var_lib_create_file(groupadd_t)
-+sssd_var_lib_write_file(groupadd_t)
-+sssd_var_lib_map_file(useradd_t)
-+sssd_var_lib_write_file(useradd_t)
-diff --git a/policy/modules/contrib/sssd.if b/policy/modules/contrib/sssd.if
-index 50eee3f..1b61ccd 100644
---- a/policy/modules/contrib/sssd.if
-+++ b/policy/modules/contrib/sssd.if
-@@ -576,3 +576,75 @@ interface(`sssd_admin',`
- allow $1 sssd_unit_file_t:service all_service_perms;
- 
- ')
-+
-+########################################
-+##
-+## Allow to be access to sssd lib dir.
-+##
-+##
-+##
-+## Domain to allow.
-+##
-+##
-+#
-+interface(`sssd_var_lib_dir',`
-+gen_require(`
-+type sssd_var_lib_t;
-+')
-+
-+allow $1 sssd_var_lib_t:dir { add_name write };
-+')
-+
-+########################################
-+##
-+## Allow to map sssd lib files.
-+##
-+##
-+##
-+## Domain to allow.
-+##
-+##
-+#
-+interface(`sssd_var_lib_map_file',`
-+gen_require(`
-+type sssd_var_lib_t;
-+')
-+
-+allow $1 sssd_var_lib_t:file map;
-+')
-+
-+########################################
-+##
-+## Allow to write sssd lib files.
-+##
-+##
-+##
-+## Domain to allow.
-+## -+## -+# -+interface(`sssd_var_lib_write_file',` -+gen_require(` -+type sssd_var_lib_t; -+') -+ -+allow $1 sssd_var_lib_t:file write; -+') -+ -+######################################## -+## -+## Allow to create sssd lib files. -+## -+## -+## -+## Domain to allow. -+## -+## -+# -+interface(`sssd_var_lib_create_file',` -+gen_require(` -+type sssd_var_lib_t; -+') -+ -+allow $1 sssd_var_lib_t:file create; -+') --- -1.8.3.1 - diff --git a/add-allow-to-plymouthd-stream-connect-for-agetty.patch b/add-allow-to-plymouthd-stream-connect-for-agetty.patch deleted file mode 100644 index 6834bb5349a534c52d0ec72f88054cc0b7410adb..0000000000000000000000000000000000000000 --- a/add-allow-to-plymouthd-stream-connect-for-agetty.patch +++ /dev/null @@ -1,24 +0,0 @@ -From c1ecad14ce600f2c3c04bec6e7f49f6ef9fefa76 Mon Sep 17 00:00:00 2001 -From: guoxiaoqi -Date: Tue, 25 Feb 2020 18:45:58 +0800 -Subject: [PATCH] add allow to plymouthd stream connect for agetty - -Signed-off-by: guoxiaoqi ---- - policy/modules/system/getty.te | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te -index d1967ba..c386dfe 100644 ---- a/policy/modules/system/getty.te -+++ b/policy/modules/system/getty.te -@@ -165,3 +165,6 @@ optional_policy(` - optional_policy(` - udev_read_db(getty_t) - ') -+ -+# avc for openEuler -+plymouthd_stream_connect(getty_t) --- -1.8.3.1 - diff --git a/selinux-policy.spec b/selinux-policy.spec index 32065930d6fbf83bf4544319d1cba49a22d0096b..eb707ff7861f59512628d0258e27cc4f6adf9300 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -12,7 +12,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 49 +Release: 50 License: GPLv2+ URL: https://github.com/fedora-selinux/selinux-policy/ 
@@ -59,8 +59,6 @@ Patch6: Fix-bug-in-userdom_restricted_xwindows_user_template.patch Patch7: add-allow-for-ldconfig-to-map-libsudo_util-so.patch Patch8: add-allow-syslogd_t-domain-to-send-null-signal-to-all-do.patch Patch9: add-allowed-avc-for-systemd.patch -Patch10: add-allow-to-be-access-to-sssd-dir-and-file.patch -Patch11: add-allow-to-plymouthd-stream-connect-for-agetty.patch Patch12: Allow-local_login-to-be-access-to-var-run-files-and-.patch Patch13: access-to-iptables-run-file.patch Patch14: add-avc-for-kmod.patch @@ -664,6 +662,9 @@ exit 0 %endif %changelog +* Thu Mar 12 2020 openEuler Buildteam - 3.14.2-50 +- fix upgrade error + * Sat Feb 29 2020 openEuler Buildteam - 3.14.2-49 - enable selinux