commit: 9a761587cf212b96c093e2ea1d9c3ed66ff7c37d
Author: Russell Coker <russell <AT> coker <DOT> com <DOT> au>
AuthorDate: Thu Sep 21 14:21:25 2023 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Oct 6 15:27:06 2023 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9a761587
debian motd.d directory (#689)
* policy for Debian motd.d dir
Signed-off-by: Russell Coker <russell <AT> coker.com.au>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/services/xserver.te | 1 +
policy/modules/system/authlogin.fc | 1 +
policy/modules/system/authlogin.if | 1 +
3 files changed, 3 insertions(+)
diff --git a/policy/modules/services/xserver.te
b/policy/modules/services/xserver.te
index 68d9bd34b..58cd85626 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -472,6 +472,7 @@ auth_manage_pam_runtime_dirs(xdm_t)
auth_manage_pam_runtime_files(xdm_t)
auth_manage_pam_console_data(xdm_t)
auth_read_shadow_history(xdm_t)
+auth_use_pam_motd_dynamic(xdm_t)
auth_write_login_records(xdm_t)
# Run telinit->init to shutdown.
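Review bot: The added `auth_use_pam_motd_dynamic(xdm_t)` call gives xdm_t the whole interface, not only access to the new directory. Per the authlogin.if hunk in this commit, that includes `corecmd_exec_shell`, `manage_file_perms` on pam_motd_runtime_t files and the filetrans for motd.dynamic.new. xdm_t may already hold some of these through other rules in xserver.te, which are not visible here. If the display manager only needs pam_motd to read snippets from /run/motd.d (the commit message does not say), a narrower read-only interface would keep motd write access out of xdm_t. At minimum, add a comment above the call, e.g. `# pam_motd in the xdm PAM stack uses /run/motd.d on Debian`, if that is the reason.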
diff --git a/policy/modules/system/authlogin.fc
b/policy/modules/system/authlogin.fc
index b47da01a5..adb53a05a 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -59,6 +59,7 @@ ifdef(`distro_suse', `
/run/motd --
gen_context(system_u:object_r:pam_motd_runtime_t,s0)
/run/motd\.dynamic --
gen_context(system_u:object_r:pam_motd_runtime_t,s0)
/run/motd\.dynamic\.new --
gen_context(system_u:object_r:pam_motd_runtime_t,s0)
+/run/motd\.d(/.*)?
gen_context(system_u:object_r:pam_motd_runtime_t,s0)
/run/pam_mount(/.*)? gen_context(system_u:object_r:pam_runtime_t,s0)
/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
/run/sepermit(/.*)? gen_context(system_u:object_r:pam_runtime_t,s0)
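Review bot: The new `/run/motd\.d(/.*)?` entry only defines the label that a relabel or a label-aware creator will apply; nothing in this commit adds a type transition for a directory named motd.d. The only filetrans visible in authlogin.if covers the file motd.dynamic.new. If the directory is created under /run by a domain that does not look up the file context, it would presumably get the generic runtime type, and the new dir rule on pam_motd_runtime_t would not match. It is worth confirming which domain creates the directory and, if needed, adding a named transition there, e.g. `files_runtime_filetrans(<creator_domain>, pam_motd_runtime_t, dir, "motd.d")`, where `<creator_domain>` is a placeholder.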
diff --git a/policy/modules/system/authlogin.if
b/policy/modules/system/authlogin.if
index 4d11800aa..cd5ab2d7f 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -129,6 +129,7 @@ interface(`auth_use_pam_motd_dynamic',`
corecmd_exec_shell($1)
allow $1 pam_motd_runtime_t:file manage_file_perms;
+ allow $1 pam_motd_runtime_t:dir rw_dir_perms;
files_runtime_filetrans($1, pam_motd_runtime_t, file,
"motd.dynamic.new")
')
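Review bot: The new `allow $1 pam_motd_runtime_t:dir rw_dir_perms;` lets every caller of auth_use_pam_motd_dynamic add and remove entries in directories of this type. Together with the existing `manage_file_perms`, any such domain can create or delete files under /run/motd.d. If callers only need to read the snippets, `allow $1 pam_motd_runtime_t:dir list_dir_perms;` would be enough, and write access could stay with the domain that generates the content. The interface's summary comment sits above the hunk and is not shown; it should mention the motd.d directory so the widened scope is documented.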