authorRussell Coker <russell@coker.com.au>2023-09-22 00:21:25 +1000
committerKenton Groombridge <concord@gentoo.org>2023-10-06 11:27:06 -0400
commit9a761587cf212b96c093e2ea1d9c3ed66ff7c37d (patch)
tree71d39cee37f74a4e90d786376009e940804c1ec2
parentsystemd: allow systemd-networkd to create file in /run/systemd directory (diff)
debian motd.d directory (#689)
* policy for Debian motd.d dir Signed-off-by: Russell Coker <russell@coker.com.au> Signed-off-by: Kenton Groombridge <concord@gentoo.org>
-rw-r--r--policy/modules/services/xserver.te1
-rw-r--r--policy/modules/system/authlogin.fc1
-rw-r--r--policy/modules/system/authlogin.if1
3 files changed, 3 insertions, 0 deletions
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 68d9bd34b..58cd85626 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -472,6 +472,7 @@ auth_manage_pam_runtime_dirs(xdm_t)
auth_manage_pam_runtime_files(xdm_t)
auth_manage_pam_console_data(xdm_t)
auth_read_shadow_history(xdm_t)
+auth_use_pam_motd_dynamic(xdm_t)
auth_write_login_records(xdm_t)
# Run telinit->init to shutdown.
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index b47da01a5..adb53a05a 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -59,6 +59,7 @@ ifdef(`distro_suse', `
/run/motd -- gen_context(system_u:object_r:pam_motd_runtime_t,s0)
/run/motd\.dynamic -- gen_context(system_u:object_r:pam_motd_runtime_t,s0)
/run/motd\.dynamic\.new -- gen_context(system_u:object_r:pam_motd_runtime_t,s0)
+/run/motd\.d(/.*)? gen_context(system_u:object_r:pam_motd_runtime_t,s0)
/run/pam_mount(/.*)? gen_context(system_u:object_r:pam_runtime_t,s0)
/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
/run/sepermit(/.*)? gen_context(system_u:object_r:pam_runtime_t,s0)
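Review bot: The new `/run/motd\.d(/.*)?` entry only takes effect when something relabels the path or an SELinux-aware creator looks it up, and `/run` is typically a tmpfs that starts empty on every boot. The only type transition visible in this commit is the existing one for the file `motd.dynamic.new` in authlogin.if, so nothing shown here gives the directory its label at creation time. Unless the creating domain is known to apply the label (systemd-tmpfiles does; a maintainer script may not), the directory could keep the default type of `/run` and the new `dir` rule would never match. A comment above the entry would record the assumption, e.g. `# Debian pam_motd drop-in directory; the creator must label it (tmpfiles.d or a named filetrans)`.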
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 4d11800aa..cd5ab2d7f 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -129,6 +129,7 @@ interface(`auth_use_pam_motd_dynamic',`
corecmd_exec_shell($1)
allow $1 pam_motd_runtime_t:file manage_file_perms;
+ allow $1 pam_motd_runtime_t:dir rw_dir_perms;
files_runtime_filetrans($1, pam_motd_runtime_t, file, "motd.dynamic.new")
')
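Review bot: `rw_dir_perms` on `pam_motd_runtime_t:dir`, combined with the existing `manage_file_perms` on the same type, lets every caller of `auth_use_pam_motd_dynamic` create, replace and unlink entries under `/run/motd.d`, whose contents are shown to users at login. That now includes `xdm_t`, which gains the interface in the xserver.te hunk of this commit. If pam_motd only reads the drop-ins there (not verifiable from this hunk), `allow $1 pam_motd_runtime_t:dir list_dir_perms;` would cover it without write access to the directory. The interface's summary block begins above the hunk and presumably still describes only the motd.dynamic files, so it should mention the directory access as well.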