packages/libcareplus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libcareplus/0047-Allow-init_t-create-lnk-file.patch
imxcc 5ba3939722 Allow init_t create lnk file 
Bugfix: When the selinux mode is enforcing, libcare.socket cannot
create symlink libcare.sock. This will cause the libcare.service
to fail to start.

Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-09-08 11:47:53 +08:00

31 lines
1002 B
Diff
Raw Blame History

From 7782210333c3296b68f954b46284024701ec79e4 Mon Sep 17 00:00:00 2001
From: imxcc <xingchaochao@huawei.com>
Date: Wed, 8 Sep 2021 11:28:28 +0800
Subject: [PATCH] Allow init_t create lnk file
Bugfix: When the selinux mode is enforcing, libcare.socket cannot
create symlink libcare.sock. This will cause the libcare.service
to fail to start.
Signed-off-by: imxcc <xingchaochao@huawei.com>
---
dist/selinux/libcare.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/dist/selinux/libcare.te b/dist/selinux/libcare.te
index c240875..936fc34 100644
--- a/dist/selinux/libcare.te
+++ b/dist/selinux/libcare.te
@@ -49,6 +49,8 @@ allow libcare_t libcare_file_t: file exec_file_perms;
allow libcare_t libcare_file_t: dir list_dir_perms;
allow libcare_t libcare_file_t: lnk_file read_lnk_file_perms;
+allow init_t var_run_t:lnk_file create;
+
# to read patient's /proc entries and be able to attach to it
allow libcare_t self: capability { dac_override dac_read_search sys_ptrace };
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink