Projects
openEuler:24.03:SP1:Everything
selinux-policy
_service:tar_scm:add_userman_access_run_dir.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:add_userman_access_run_dir.patch of Package selinux-policy
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te index e069cb5..43fed66 100644 --- a/policy/modules/admin/usermanage.te +++ b/policy/modules/admin/usermanage.te @@ -250,6 +250,11 @@ files_relabel_etc_files(groupadd_t) files_read_etc_files(groupadd_t) files_read_etc_runtime_files(groupadd_t) files_read_usr_symlinks(groupadd_t) +files_search_pids(groupadd_t) +files_create_var_run_dirs(groupadd_t) +files_delete_all_pids(groupadd_t) +allow groupadd_t var_run_t:file *; +allow groupadd_t var_run_t:dir *; # Execute /usr/bin/{passwd, chfn, chsh} and /usr/sbin/{useradd, vipw}. corecmd_exec_bin(groupadd_t) @@ -366,6 +371,11 @@ files_read_usr_files(passwd_t) files_search_var(passwd_t) files_dontaudit_search_pids(passwd_t) files_relabel_etc_files(passwd_t) +files_search_pids(passwd_t) +files_create_var_run_dirs(passwd_t) +files_delete_all_pids(passwd_t) +allow passwd_t var_run_t:file *; +allow passwd_t var_run_t:dir *; term_search_ptys(passwd_t) @@ -486,6 +496,12 @@ userdom_use_unpriv_users_fds(sysadm_passwd_t) # on user home dir userdom_dontaudit_search_user_home_content(sysadm_passwd_t) +files_search_pids(sysadm_passwd_t) +files_create_var_run_dirs(sysadm_passwd_t) +files_delete_all_pids(sysadm_passwd_t) +allow sysadm_passwd_t var_run_t:file *; +allow sysadm_passwd_t var_run_t:dir *; + optional_policy(` nscd_run(sysadm_passwd_t, sysadm_passwd_roles) ') @@ -536,6 +552,10 @@ files_read_etc_runtime_files(useradd_t) files_manage_etc_files(useradd_t) files_create_var_lib_dirs(useradd_t) files_rw_var_lib_dirs(useradd_t) +files_search_pids(useradd_t) +files_create_var_run_dirs(useradd_t) +files_delete_all_pids(useradd_t) +allow useradd_t var_run_t:file *; fs_search_auto_mountpoints(useradd_t) fs_getattr_xattr_fs(useradd_t)
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2