[selinux-policy/f16] Allow systemd_passwd to talk to sock_files in systemd_passwd_var_run_t directories

Thu Oct 20 20:12:13 UTC 2011

commit 04b40f11a02053b76a93e4e60a6de72035b556d2
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Oct 20 16:12:09 2011 -0400

    Allow systemd_passwd to talk to sock_files in systemd_passwd_var_run_t directories

 policy-systemd-passwd.patch |   12 ++++++++++++
 selinux-policy.spec         |    7 ++++++-
 2 files changed, 18 insertions(+), 1 deletions(-)
---

diff --git a/policy-systemd-passwd.patch b/policy-systemd-passwd.patch
new file mode 100644
index 0000000..6c43a60
--- /dev/null
+++ b/policy-systemd-passwd.patch
@@ -0,0 +1,12 @@
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index 1449552..a84b8e7 100644
+--- a/policy/modules/system/systemd.te
++++ b/policy/modules/system/systemd.te
+@@ -151,6 +151,7 @@ allow systemd_passwd_agent_t self:unix_dgram_socket create_socket_perms;
+ 
+ manage_dirs_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t);
+ manage_files_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t);
++manage_sock_files_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t);
+ manage_fifo_files_pattern(systemd_passwd_agent_t, systemd_passwd_var_run_t, systemd_passwd_var_run_t);
+ init_pid_filetrans(systemd_passwd_agent_t, systemd_passwd_var_run_t, { dir fifo_file file })
+ 
diff --git a/selinux-policy.spec b/selinux-policy.spec
index e8ddadd..f1578a4 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,11 +17,12 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.10.0
-Release: 45%{?dist}
+Release: 45.1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
 patch: policy-F16.patch
+patch1: policy-systemd-passwd.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
@@ -235,6 +236,7 @@ Based off of reference policy: Checked out revision  2.20091117
 %prep 
 %setup -n serefpolicy-%{version} -q
 %patch -p1
+%patch1 -p1
 
 %install
 mkdir selinux_config
@@ -466,6 +468,9 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Thu Oct 20 2011 Dan Walsh <dwalsh at redhat.com> 3.10.0-45.1
+- Allow systemd_passwd to talk to sock_files in systemd_passwd_var_run_t directories
+
 * Thu Oct 20 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-45
 - Remove tzdata policy
 
