代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/selinux-policy 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From d3e2a2c32da4229c1c27840560074585b7762844 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Fri, 13 May 2022 19:02:56 +0200
Subject: [PATCH] Allow systemd watch and watch_reads user ptys
Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/d3e2a2c32da4229c1c27840560074585b7762844
Conflict: NA
This permission is required for "systemd-run --shell" to work.
The following AVC denial was addressed:
type=PROCTITLE msg=audit(05/13/2022 10:57:19.765:435) : proctitle=(bash)
type=PATH msg=audit(05/13/2022 10:57:19.765:435) : item=0 name=/dev/pts/1 inode=4 dev=00:19 mode=character,620 ouid=root ogid=tty rdev=88:01 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(05/13/2022 10:57:19.765:435) : cwd=/
type=SYSCALL msg=audit(05/13/2022 10:57:19.765:435) : arch=x86_64 syscall=inotify_add_watch success=no exit=EACCES(Permission denied) a0=0x3 a1=0x55e39a4fe560 a2=0x18 a3=0x0 items=1 ppid=1 pid=1109 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=(bash) exe=/usr/lib/systemd/systemd subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(05/13/2022 10:57:19.765:435) : avc: denied { watch watch_reads } for pid=1109 comm=(bash) path=/dev/pts/1 dev="devpts" ino=4 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file permissive=0
The following interfaces were added:
- userdom_watch_user_ptys
- userdom_watch_reads_user_ptys
Resolves: rhbz#1980241
Signed-off-by: lujie54 <lujie54@huawei.com>
---
policy/modules/system/init.te | 2 ++
policy/modules/system/userdomain.if | 36 ++++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index a838cdd..f772288 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -419,6 +419,8 @@ userdom_nnp_transition_login_userdomain(init_t)
userdom_noatsecure_login_userdomain(init_t)
userdom_sigchld_login_userdomain(init_t)
userdom_use_user_ptys(init_t)
+userdom_watch_user_ptys(init_t)
+userdom_watch_reads_user_ptys(init_t)
allow init_t self:process setsched;
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index b16984d..aeb2deb 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -3989,6 +3989,42 @@ interface(`userdom_use_user_ptys',`
########################################
## <summary>
+## Watch a user pty.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_watch_user_ptys',`
+ gen_require(`
+ type user_devpts_t;
+ ')
+
+ allow $1 user_devpts_t:chr_file watch_chr_file_perms;
+')
+
+########################################
+## <summary>
+## Watch_reads a user pty.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_watch_reads_user_ptys',`
+ gen_require(`
+ type user_devpts_t;
+ ')
+
+ allow $1 user_devpts_t:chr_file watch_reads_chr_file_perms;
+')
+
+########################################
+## <summary>
## Read and write a inherited user domain pty.
## </summary>
## <param name="domain">
--
1.8.3.1
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手