nnd
/
selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #766 from dsugar100/sos_rhel9 

Update SOS report to work on RHEL9
This commit is contained in:
Chris PeBenito 2024-04-02 08:55:19 -04:00 committed by GitHub
parent 48b4e36137 3643773aed
commit 77184560ba
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 43 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/admin/sosreport.fc
View File

@ -1,5 +1,6 @@
/usr/bin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0)
/usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0)
/usr/sbin/sos -- gen_context(system_u:object_r:sosreport_exec_t,s0)
/\.ismount-test-file -- gen_context(system_u:object_r:sosreport_tmp_t,s0)

47
policy/modules/admin/sosreport.te
View File

@ -39,8 +39,10 @@ allow sosreport_t self:tcp_socket { accept listen };
allow sosreport_t self:unix_stream_socket { accept listen };
manage_dirs_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
manage_fifo_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
manage_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
manage_lnk_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
manage_sock_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
files_root_filetrans(sosreport_t, sosreport_tmp_t, file, ".ismount-test-file")
files_tmp_filetrans(sosreport_t, sosreport_tmp_t, { file dir })
@ -91,10 +93,17 @@ files_read_kernel_modules(sosreport_t)
files_read_all_symlinks(sosreport_t)
files_manage_etc_runtime_files(sosreport_t)
files_etc_filetrans_etc_runtime(sosreport_t, file)
files_map_usr_files(sosreport_t)
fs_getattr_all_fs(sosreport_t)
fs_list_inotifyfs(sosreport_t)
selinux_compute_access_vector(sosreport_t)
selinux_compute_create_context(sosreport_t)
selinux_get_all_booleans(sosreport_t)
selinux_read_policy(sosreport_t)
selinux_validate_context(sosreport_t)
storage_dontaudit_read_fixed_disk(sosreport_t)
storage_dontaudit_read_removable_device(sosreport_t)
@ -102,9 +111,11 @@ term_use_generic_ptys(sosreport_t)
auth_use_nsswitch(sosreport_t)
init_get_all_units_status(sosreport_t)
init_dbus_chat(sosreport_t)
init_domtrans_script(sosreport_t)
libs_domtrans_ldconfig(sosreport_t)
libs_run_ldconfig(sosreport_t, sosreport_roles)
logging_read_all_logs(sosreport_t)
logging_send_syslog_msg(sosreport_t)
@ -113,6 +124,8 @@ miscfiles_read_localization(sosreport_t)
modutils_read_module_deps(sosreport_t)
userdom_use_inherited_user_terminals(sosreport_t)
optional_policy(`
abrt_manage_runtime_files(sosreport_t)
abrt_manage_cache(sosreport_t)
@ -123,12 +136,21 @@ optional_policy(`
cups_stream_connect(sosreport_t)
')
optional_policy(`
devicekit_dbus_chat(sosreport_t)
devicekit_dbus_chat_disk(sosreport_t)
')
optional_policy(`
dmesg_domtrans(sosreport_t)
')
optional_policy(`
fstools_domtrans(sosreport_t)
firewalld_dbus_chat(sosreport_t)
')
optional_policy(`
fstools_run(sosreport_t, sosreport_roles)
')
optional_policy(`
@ -140,11 +162,19 @@ optional_policy(`
')
optional_policy(`
lvm_domtrans(sosreport_t)
lvm_run(sosreport_t, sosreport_roles)
')
optional_policy(`
mount_domtrans(sosreport_t)
mount_run(sosreport_t, sosreport_roles)
')
optional_policy(`
networkmanager_dbus_chat(sosreport_t)
')
optional_policy(`
ntp_dbus_chat(sosreport_t)
')
optional_policy(`
@ -158,7 +188,14 @@ optional_policy(`
')
optional_policy(`
setroubleshoot_signull(sosreport_t)
setroubleshoot_signull(sosreport_t)
')
optional_policy(`
systemd_dbus_chat_hostnamed(sosreport_t)
systemd_dbus_chat_logind(sosreport_t)
systemd_map_hwdb(sosreport_t)
systemd_read_journal_files(sosreport_t)
')
optional_policy(`