38 строки
1.5 KiB
Diff
38 строки
1.5 KiB
Diff
From fe999b6d16d3d0f1b4d9054ce1a833d4c9b29b3d Mon Sep 17 00:00:00 2001
|
|
From: Chris PeBenito <Christopher.PeBenito@microsoft.com>
|
|
Date: Mon, 29 Aug 2022 19:20:35 +0000
|
|
Subject: [PATCH 11/35] rpm: Minor fixes
|
|
|
|
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
|
|
---
|
|
policy/modules/admin/rpm.te | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
MSFT_TAG: pending
|
|
|
|
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
|
|
index 81b6ad3d2..14d65ae13 100644
|
|
--- a/policy/modules/admin/rpm.te
|
|
+++ b/policy/modules/admin/rpm.te
|
|
@@ -72,7 +72,7 @@ files_tmpfs_file(rpm_script_tmpfs_t)
|
|
# rpm Local policy
|
|
#
|
|
|
|
-allow rpm_t self:capability { chown dac_override fowner fsetid ipc_lock mknod setfcap setgid setuid sys_chroot sys_nice sys_tty_config };
|
|
+allow rpm_t self:capability { chown dac_read_search dac_override fowner fsetid ipc_lock mknod setfcap setgid setuid sys_chroot sys_nice sys_tty_config };
|
|
allow rpm_t self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
|
|
allow rpm_t self:fd use;
|
|
allow rpm_t self:fifo_file rw_fifo_file_perms;
|
|
@@ -252,6 +252,8 @@ allow rpm_script_t self:netlink_kobject_uevent_socket create_socket_perms;
|
|
|
|
allow rpm_script_t rpm_t:netlink_route_socket { read write };
|
|
|
|
+allow rpm_script_t rpm_var_lib_t:file map;
|
|
+
|
|
allow rpm_script_t rpm_tmp_t:file read_file_perms;
|
|
|
|
allow rpm_script_t rpm_script_tmp_t:dir mounton;
|
|
--
|
|
2.34.1
|
|
|