43 строки
1.5 KiB
Diff
43 строки
1.5 KiB
Diff
From 955951202c09e59367890abe1503b0532c4d7e07 Mon Sep 17 00:00:00 2001
|
|
From: Chris PeBenito <Christopher.PeBenito@microsoft.com>
|
|
Date: Mon, 2 May 2022 15:42:49 +0000
|
|
Subject: [PATCH 05/35] Add dac_read_search perms.
|
|
|
|
May be Mariner-specific.
|
|
---
|
|
policy/modules/services/chronyd.te | 2 +-
|
|
policy/modules/system/authlogin.te | 2 +-
|
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
MSFT_TAG: not upstreamable
|
|
|
|
diff --git a/policy/modules/services/chronyd.te b/policy/modules/services/chronyd.te
|
|
index e914cde3f..5ae7650d4 100644
|
|
--- a/policy/modules/services/chronyd.te
|
|
+++ b/policy/modules/services/chronyd.te
|
|
@@ -133,7 +133,7 @@ optional_policy(`
|
|
# chronyc local policy
|
|
#
|
|
|
|
-allow chronyc_t self:capability { dac_override };
|
|
+allow chronyc_t self:capability { dac_read_search dac_override };
|
|
allow chronyc_t self:process { signal };
|
|
allow chronyc_t self:udp_socket create_socket_perms;
|
|
allow chronyc_t self:netlink_route_socket create_netlink_socket_perms;
|
|
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
|
|
index ab15b40d6..95c5f90bc 100644
|
|
--- a/policy/modules/system/authlogin.te
|
|
+++ b/policy/modules/system/authlogin.te
|
|
@@ -106,7 +106,7 @@ optional_policy(`
|
|
# Check password local policy
|
|
#
|
|
|
|
-allow chkpwd_t self:capability { dac_override setuid };
|
|
+allow chkpwd_t self:capability { dac_read_search dac_override setuid };
|
|
dontaudit chkpwd_t self:capability sys_tty_config;
|
|
allow chkpwd_t self:process { getattr signal };
|
|
dontaudit chkpwd_t self:process getcap;
|
|
--
|
|
2.34.1
|
|
|