Commit eeb01ce

overlay coreos/user-patches: Update refpolicy patch
1 parent 1dc4cc9 commit eeb01ce

1 file changed

+15
-2
lines changed

sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/0001-Flatcar-modifications.patch

Lines changed: 15 additions & 2 deletions
@@ -1,4 +1,4 @@
1-
From 776730b89903c93a405dcfec2dbda27e012f99df Mon Sep 17 00:00:00 2001
1+
From 0bb1c5df7cc2066c59d2a15562d6e011c2faef2a Mon Sep 17 00:00:00 2001
22
From: Krzesimir Nowak <[email protected]>
33
Date: Mon, 4 Dec 2023 12:17:25 +0100
44
Subject: [PATCH] Flatcar modifications
@@ -11,11 +11,12 @@ Subject: [PATCH] Flatcar modifications
1111
policy/modules/kernel/kernel.te | 125 +++++++++++++++++
1212
policy/modules/services/container.fc | 6 +
1313
policy/modules/services/container.te | 170 +++++++++++++++++++++++-
14+
policy/modules/services/ssh.fc | 1 +
1415
policy/modules/system/init.te | 8 ++
1516
policy/modules/system/locallogin.te | 9 +-
1617
policy/modules/system/logging.te | 9 ++
1718
policy/modules/system/systemd.fc | 12 ++
18-
11 files changed, 439 insertions(+), 3 deletions(-)
19+
12 files changed, 440 insertions(+), 3 deletions(-)
1920

2021
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
2122
index 63d2f9cb8..62dff5f94 100644
@@ -513,6 +514,18 @@ index c71ae54f4..a231f7664 100644
513514
+# avc: denied { read } for pid=[0-9]* comm="echo, sleep, whatever" path="/lib64/libc.so.6" dev="vda9" ino=[0-9]* scontext=system_u:system_r:container_t:s0:c[0-9]*,c[0-9]* tcontext=system_u:object_r:tmp_t:s0 tclass=file permissive=0
514515
+#
515516
+allow container_t tmp_t:file { read };
517+
diff --git a/refpolicy/policy/modules/services/ssh.fc b/refpolicy/policy/modules/services/ssh.fc
518+
index 93bfa8d26..aaa2e12ac 100644
519+
--- a/refpolicy/policy/modules/services/ssh.fc
520+
+++ b/refpolicy/policy/modules/services/ssh.fc
521+
@@ -8,6 +8,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
522+
/usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
523+
/usr/bin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
524+
525+
+/usr/lib/misc/sshd-auth -- gen_context(system_u:object_r:sshd_exec_t,s0)
526+
/usr/lib/misc/sshd-session -- gen_context(system_u:object_r:sshd_exec_t,s0)
527+
/usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
528+
/usr/lib/openssh/sshd-session -- gen_context(system_u:object_r:sshd_exec_t,s0)
516529
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
517530
index 1320f7aae..61ead9795 100644
518531
--- a/refpolicy/policy/modules/system/init.te
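Review bot: In the ssh.fc hunk, the new `/usr/lib/misc/sshd-auth` entry gets sshd_exec_t alongside `/usr/lib/misc/sshd-session`, but the context lines also carry `/usr/lib/openssh/sshd-session` and no `/usr/lib/openssh/sshd-auth` entry is added next to it. If sshd-auth can be installed under either path, add the matching line so the binary does not fall back to a default label on that layout; if only /usr/lib/misc is used here, say so in the commit message, which currently reads only "Update refpolicy patch" and does not mention that the change is a new file context for sshd-auth.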
