author | 2017-11-15 08:10:14 +0100 | |
---|---|---|
committer | 2017-12-12 15:03:03 +0800 | |
commit | b8e5cc37b86c861cd62c248953e342d424fe3252 (patch) | |
tree | 5863247c75ca6a0827c9f6a82ef9a24f89f2cba2 /policy/modules/system/locallogin.te | |
parent | Merge upstream (diff) | |
locallogin: Grant local_login_t the dac_read_search capability
It already has dac_override, and depending on the pam modules being
used, this may actually be necessary. Due to the 4.13 changes, I'm now
getting dac_read_search denials.
Diffstat (limited to 'policy/modules/system/locallogin.te')
-rw-r--r-- | policy/modules/system/locallogin.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index c8ef15cef..d2cabe0e2 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -32,7 +32,7 @@ role system_r types sulogin_t;
 # Local login local policy
 #
 
-allow local_login_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
+allow local_login_t self:capability { chown dac_read_search dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
 dontaudit local_login_t self:capability net_admin;
 allow local_login_t self:process { setexec setrlimit setsched };
 allow local_login_t self:fd use;
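Review bot: The widened `allow local_login_t self:capability { ... }` line now carries both `dac_read_search` and `dac_override`, but nothing in the policy file records why; the reason exists only in the commit message. A comment above the rule would keep that context for later audits, for example `# dac_read_search: checked before dac_override since Linux 4.13; some PAM modules need it`. Because `dac_override` is the broader grant (it also bypasses write checks), it would be worth confirming from audit logs whether local_login_t still exercises it now that read/search bypass is covered separately. If it does not, dropping it would tighten the login domain, though that depends on the PAM stack in use and cannot be decided from this hunk alone. The local policy section continues past the end of the hunk.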