author | Russell Coker <russell@coker.com.au> | 2023-09-22 00:21:25 +1000 |
---|---|---|
committer | Kenton Groombridge <concord@gentoo.org> | 2023-10-06 11:27:06 -0400 |
commit | 9a761587cf212b96c093e2ea1d9c3ed66ff7c37d (patch) | |
tree | 71d39cee37f74a4e90d786376009e940804c1ec2 | |
parent | systemd: allow systemd-networkd to create file in /run/systemd directory (diff) | |
debian motd.d directory (#689)
* policy for Debian motd.d dir
Signed-off-by: Russell Coker <russell@coker.com.au>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
-rw-r--r-- | policy/modules/services/xserver.te | 1 | ||||
-rw-r--r-- | policy/modules/system/authlogin.fc | 1 | ||||
-rw-r--r-- | policy/modules/system/authlogin.if | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 68d9bd34b..58cd85626 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -472,6 +472,7 @@ auth_manage_pam_runtime_dirs(xdm_t)
 auth_manage_pam_runtime_files(xdm_t)
 auth_manage_pam_console_data(xdm_t)
 auth_read_shadow_history(xdm_t)
+auth_use_pam_motd_dynamic(xdm_t)
 auth_write_login_records(xdm_t)
 # Run telinit->init to shutdown.
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index b47da01a5..adb53a05a 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -59,6 +59,7 @@ ifdef(`distro_suse', `
 /run/motd -- gen_context(system_u:object_r:pam_motd_runtime_t,s0)
 /run/motd\.dynamic -- gen_context(system_u:object_r:pam_motd_runtime_t,s0)
 /run/motd\.dynamic\.new -- gen_context(system_u:object_r:pam_motd_runtime_t,s0)
+/run/motd\.d(/.*)? gen_context(system_u:object_r:pam_motd_runtime_t,s0)
 /run/pam_mount(/.*)? gen_context(system_u:object_r:pam_runtime_t,s0)
 /run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
 /run/sepermit(/.*)? gen_context(system_u:object_r:pam_runtime_t,s0)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 4d11800aa..cd5ab2d7f 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -129,6 +129,7 @@ interface(`auth_use_pam_motd_dynamic',`
 corecmd_exec_shell($1)
 allow $1 pam_motd_runtime_t:file manage_file_perms;
+ allow $1 pam_motd_runtime_t:dir rw_dir_perms;
 files_runtime_filetrans($1, pam_motd_runtime_t, file, "motd.dynamic.new")
 ')
|
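Review bot: The new `auth_use_pam_motd_dynamic(xdm_t)` call in xserver.te is unconditional although the commit title scopes the change to Debian's motd.d directory, so xdm_t on every distribution picks up everything the interface grants. Going by the authlogin.if hunk of this same commit, that includes `corecmd_exec_shell($1)` and `manage_file_perms` on pam_motd_runtime_t files in addition to the new directory access. If only Debian's display-manager PAM stack runs pam_motd, wrapping the call in an ifdef on distro_debian would keep the grant narrow; otherwise a one-line comment such as `# pam_motd in the display manager's PAM stack uses /run/motd.dynamic and /run/motd.d` would record why xdm_t needs it. Whether xdm_t already holds some of these permissions through other rules is not visible in this hunk.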
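Review bot: The new `/run/motd\.d(/.*)?` entry in authlogin.fc only takes effect when something relabels the path, and nothing in this commit adds a type transition for a directory named motd.d; the only transition visible in the interface is for the file "motd.dynamic.new". /run is normally recreated at boot, so if whatever creates /run/motd.d does not restore contexts, the directory would presumably keep the default runtime type and the new pam_motd_runtime_t:dir rule would never match. It is worth confirming which domain creates the directory and either noting that it is relabelled on creation or adding a named transition for it, e.g. `files_runtime_filetrans(<creator_domain>, pam_motd_runtime_t, dir, "motd.d")` with the placeholder filled in. The entry carries no file-class specifier, so every object class under motd.d gets the type, which matches the neighbouring pam_mount and sepermit lines.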
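Review bot: `rw_dir_perms` on pam_motd_runtime_t directories lets every caller of auth_use_pam_motd_dynamic add and remove entries in /run/motd.d, and together with the existing `manage_file_perms` that means creating and deleting the snippets shown at login, not just reading them. If the PAM callers only need to enumerate and read the directory, `allow $1 pam_motd_runtime_t:dir list_dir_perms;` would be the narrower grant; whether any caller actually writes there is not visible in this hunk. The interface's header comment and gen_require block sit above the hunk, so the summary should be checked to say it now covers the motd.d directory as well as motd.dynamic.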