代码拉取完成,页面将自动刷新
Fork 仓库
加载中
确定同步?
同步操作将从 src-openEuler/selinux-policy 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
backport-Allow-sosreport-dbus-chat-abrt-systemd-timedatex.patch
2.65 KB
lujie54
提交于
2022-09-15 09:20
.
backport upstream patches
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
From 37dbb1e7b5944a1cceb2009f8bbb4897150fd1ef Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Tue, 22 Feb 2022 09:48:33 +0100
Subject: [PATCH] Allow sosreport dbus chat abrt systemd timedatex
Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/37dbb1e7b5944a1cceb2009f8bbb4897150fd1ef
Conflict: NA
Create sosreport dbus chat interface.
Allow abrt, systemd and timedatex to dbus chat sosreport
Signed-off-by: lujie54 <lujie54@huawei.com>
---
policy/modules/contrib/abrt.te | 1 +
policy/modules/contrib/sosreport.if | 20 ++++++++++++++++++++
policy/modules/contrib/timedatex.te | 5 ++++-
policy/modules/system/systemd.te | 4 ++++
4 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/abrt.te b/policy/modules/contrib/abrt.te
index a68c7fd..02a12df 100644
--- a/policy/modules/contrib/abrt.te
+++ b/policy/modules/contrib/abrt.te
@@ -350,6 +350,7 @@ optional_policy(`
#')
optional_policy(`
+ sosreport_dbus_chat(abrt_t)
sosreport_domtrans(abrt_t)
sosreport_read_tmp_files(abrt_t)
sosreport_delete_tmp_files(abrt_t)
diff --git a/policy/modules/contrib/sosreport.if b/policy/modules/contrib/sosreport.if
index f6db7a7..c5fbb7a 100644
--- a/policy/modules/contrib/sosreport.if
+++ b/policy/modules/contrib/sosreport.if
@@ -146,3 +146,23 @@ interface(`sosreport_signull',`
allow $1 sosreport_t:process signull;
')
+########################################
+## <summary>
+## Send and receive messages from
+## sosreport over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sosreport_dbus_chat',`
+ gen_require(`
+ type sosreport_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 sosreport_t:dbus send_msg;
+ allow sosreport_t $1:dbus send_msg;
+')
diff --git a/policy/modules/contrib/timedatex.te b/policy/modules/contrib/timedatex.te
index 3a2e4db..6a640fa 100644
--- a/policy/modules/contrib/timedatex.te
+++ b/policy/modules/contrib/timedatex.te
@@ -64,6 +64,9 @@ optional_policy(`
')
optional_policy(`
- userdom_dbus_send_all_users(timedatex_t)
+ sosreport_dbus_chat(timedatex_t)
')
+optional_policy(`
+ userdom_dbus_send_all_users(timedatex_t)
+')
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 476e2d3..97cc111 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -545,6 +545,10 @@ optional_policy(`
')
optional_policy(`
+ sosreport_dbus_chat(systemd_networkd_t)
+')
+
+optional_policy(`
udev_read_db(systemd_networkd_t)
')
--
1.8.3.1
举报
请认真填写举报原因,尽可能描述详细。
请选择举报类型
误判申诉
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化