Projects
openEuler:22.03:LTS:LoongArch
selinux-policy
_service:tar_scm_kernel_repo:backport-Allow-sss...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-Allow-sssd_kcm-read-and-write-z90crypt-device.patch of Package selinux-policy
From 80e7516c09c41c989176947265df41e39e94a31a Mon Sep 17 00:00:00 2001 From: Zdenek Pytela <zpytela@redhat.com> Date: Mon, 10 Jan 2022 17:15:56 +0100 Subject: [PATCH] Allow sssd_kcm read and write z90crypt device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/80e7516c09c41c989176947265df41e39e94a31a Conflict: NA This permission is required on s390x systems with the Crypto Express adapter card. The z90crypt device driver acts as the interface to the PCI cryptography hardware and performs asynchronous encryption operations (RSA) as used during the SSL handshake. Addresses the following AVC denial: PROCTITLE msg=audit(26.11.2021 17:43:18.641:78) : proctitle=/usr/libexec/sssd/sssd_kcm --uid 0 --gid 0 --logger=files type=AVC msg=audit(26.11.2021 17:43:18.641:78) : avc: denied { read write } for pid=1724 comm=sssd_kcm name=z90crypt dev="devtmpfs" ino=111 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:crypt_device_t:s0 tclass=chr_file permissive=0 type=SYSCALL msg=audit(26.11.2021 17:43:18.641:78) : arch=s390x syscall=openat success=no exit=EACCES(Operace zamÃtnuta) a0=0xffffffffffffff9c a1=0x3ffa56906e6 a2=O_RDWR a3=0x0 items=0 ppid=1 pid=1724 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd_kcm exe=/usr/libexec/sssd/sssd_kcm subj=system_u:system_r:sssd_t:s0 key=(null) Resolves: rhbz#2026974 Signed-off-by: lujie54 <lujie54@huawei.com> --- policy/modules/contrib/sssd.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/contrib/sssd.te b/policy/modules/contrib/sssd.te index b510dca..e5c8673 100644 --- a/policy/modules/contrib/sssd.te +++ b/policy/modules/contrib/sssd.te @@ -106,6 +106,7 @@ corecmd_exec_bin(sssd_t) dev_read_urand(sssd_t) dev_read_sysfs(sssd_t) +dev_rw_crypto(sssd_t) domain_read_all_domains_state(sssd_t) domain_obj_id_change_exemption(sssd_t) -- 1.8.3.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.