blob: 3461d66ef1bc4b07dd6afc654b47235011afee63 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
From be2a2d244fd95e4207986fa095988a02cb33cb32 Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Fri, 28 Oct 2022 11:56:09 +0800
Subject: [PATCH] policy/modules/roles/sysadm: allow sysadm to use init file
descriptors
Root can not login via console without this.
Fixes:
avc: denied { use } for pid=323 comm="sh" path="/dev/tty1"
dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t
tcontext=system_u:system_r:init_t tclass=fd permissive=0
Upstream-Status: Pending
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
policy/modules/roles/sysadm.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 69777df20..af5ccca9d 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -95,6 +95,8 @@ ifdef(`init_systemd',`
# LookupDynamicUserByUID on org.freedesktop.systemd1.
init_dbus_chat(sysadm_t)
+ init_use_fds(sysadm_t)
+
# Allow sysadm to get the status of and set properties of other users,
# sessions, and seats on the system.
systemd_dbus_chat_logind(sysadm_t)
--
2.25.1
|
