nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #626 from dsugar100/main

Browse Source 
Allow local login to read /run/motd
This commit is contained in:
Chris PeBenito 2023-08-02 09:36:54 -04:00 committed by GitHub
commit 97e35d8845
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
policy/modules/system/authlogin.if
View File

@ -118,6 +118,25 @@ interface(`auth_use_pam_motd_dynamic',`
files_runtime_filetrans($1, pam_motd_runtime_t, file, "motd.dynamic.new") files_runtime_filetrans($1, pam_motd_runtime_t, file, "motd.dynamic.new")
') ')
########################################
## <summary>
## Read the pam module motd with dynamic support during authentication.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`auth_read_pam_motd_dynamic',`
gen_require(`
type pam_motd_runtime_t;
')
files_search_runtime($1)
allow $1 pam_motd_runtime_t:file read_file_perms;
')
######################################## ########################################
## <summary> ## <summary>
## Make the specified domain used for a login program. ## Make the specified domain used for a login program.

1
policy/modules/system/locallogin.te
View File

@ -128,6 +128,7 @@ auth_manage_pam_runtime_dirs(local_login_t)
auth_manage_pam_runtime_files(local_login_t) auth_manage_pam_runtime_files(local_login_t)
auth_manage_pam_console_data(local_login_t) auth_manage_pam_console_data(local_login_t)
auth_domtrans_pam_console(local_login_t) auth_domtrans_pam_console(local_login_t)
auth_read_pam_motd_dynamic(local_login_t)
init_dontaudit_use_fds(local_login_t) init_dontaudit_use_fds(local_login_t)