29 строки
1.2 KiB
Diff
29 строки
1.2 KiB
Diff
From 644781cd2fa2f1315b078d40434de28f6b482454 Mon Sep 17 00:00:00 2001
|
|
From: Chris PeBenito <Christopher.PeBenito@microsoft.com>
|
|
Date: Mon, 29 Aug 2022 20:22:37 +0000
|
|
Subject: [PATCH 15/35] usermanage: Add dac_read_search to useradd.
|
|
|
|
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
|
|
---
|
|
policy/modules/admin/usermanage.te | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
MSFT_TAG: pending
|
|
|
|
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
|
|
index 2c9be9d0c..82fc1dc42 100644
|
|
--- a/policy/modules/admin/usermanage.te
|
|
+++ b/policy/modules/admin/usermanage.te
|
|
@@ -463,7 +463,7 @@ optional_policy(`
|
|
# Useradd local policy
|
|
#
|
|
|
|
-allow useradd_t self:capability { chown dac_override fowner fsetid kill setuid sys_resource };
|
|
+allow useradd_t self:capability { chown dac_read_search dac_override fowner fsetid kill setuid sys_resource };
|
|
dontaudit useradd_t self:capability { net_admin sys_tty_config };
|
|
dontaudit useradd_t self:cap_userns sys_ptrace;
|
|
allow useradd_t self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit };
|
|
--
|
|
2.34.1
|
|
|