From debc1e7cabb0cd9405d49e494fda48abf729d6f6 Mon Sep 17 00:00:00 2001
From: HuaxinLuGitee <1539327763@qq.com>
Date: Tue, 8 Dec 2020 19:16:23 +0800
Subject: [PATCH] add rule for systemd timedated

---
 ...systemd-timedated-to-unlink-etc-link.patch | 25 +++++++++++++++++++
 selinux-policy.spec | 6 ++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 add-allow-systemd-timedated-to-unlink-etc-link.patch

diff --git a/add-allow-systemd-timedated-to-unlink-etc-link.patch b/add-allow-systemd-timedated-to-unlink-etc-link.patch
new file mode 100644
index 0000000..76c38a0
--- /dev/null
+++ b/add-allow-systemd-timedated-to-unlink-etc-link.patch
@@ -0,0 +1,25 @@
+From 3180fd91dae6cad5367e850eabf765d442a7bd08 Mon Sep 17 00:00:00 2001
+From: HuaxinLuGitee <1539327763@qq.com>
+Date: Tue, 8 Dec 2020 19:12:03 +0800
+Subject: [PATCH] add allow systemd timedated to unlink etc link
+
+---
+ policy/modules/system/systemd.te | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index 0a65c1d..6e69517 100644
+--- a/policy/modules/system/systemd.te
++++ b/policy/modules/system/systemd.te
+@@ -877,6 +877,8 @@ allow systemd_timedated_t self:fifo_file rw_fifo_file_perms;
+ allow systemd_timedated_t self:unix_stream_socket create_stream_socket_perms;
+ allow systemd_timedated_t self:unix_dgram_socket create_socket_perms;
+
+allow systemd_timedated_t etc_t:lnk_file unlink;
++
+ allow systemd_timedated_t systemd_timedated_unit_file_t:service manage_service_perms;
+
+ manage_dirs_pattern(systemd_timedated_t, systemd_timedated_var_run_t, systemd_timedated_var_run_t)
+--
+1.8.3.1
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 16019bb..e6d6fc9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 62
+Release: 63
 License: GPLv2+
 URL: https://github.com/fedora-selinux/selinux-policy/

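Review bot: In the inner patch for policy/modules/system/systemd.te, the added rule `allow systemd_timedated_t etc_t:lnk_file unlink;` lets timedated remove every symlink labelled etc_t, which is wider than the single link the patch title implies, and neither commit message records the AVC denial behind it. If the target is /etc/localtime (an inference, the page does not say), the reference policy labels that link locale_t, so a link that shows up as etc_t points to a labelling problem that `restorecon` or a file-context fix would address without widening the domain. If the rule stays, state the reason beside it, for example `# timedated replaces /etc/localtime, which can be labelled etc_t here (AVC: <denial text>)`. The rule also names etc_t directly rather than going through an interface of the module that owns the type; whether systemd.te already has a require for it is outside this hunk.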
@@ -64,6 +64,7 @@ Patch11: add-avc-for-systemd-hostnamed-and-systemd-logind.patch
 Patch12: add-avc-for-systemd.patch
 Patch13: allow-systemd-to-mount-unlabeled-filesystemd.patch
 Patch14: add_userman_access_run_dir.patch
+Patch15: add-allow-systemd-timedated-to-unlink-etc-link.patch

 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -730,6 +731,9 @@ exit 0
 %endif

 %changelog
+* Tue Dec 8 2020 openEuler Buildteam - 3.14.2-63
+- add allow systemd timedated to unlink etc file
+
 * Wed Dec 2 2020 openEuler Buildteam - 3.14.2-62
 - remove .autorelabel file after install

--
Gitee
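Review bot: The `Patch15:` line in the `@@ -64,6 +64,7 @@` hunk of selinux-policy.spec only declares the patch, and the diffstat for the spec (5 insertions, 1 deletion) is fully accounted for by the Release, Patch15 and changelog lines, so no apply step is added by this commit. That is fine if %prep uses `%autosetup` or `%autopatch`, which is not visible here; if patches are applied by explicit number, a matching `%patch15 -p1` is needed or the new timedated rule never reaches the built policy.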