folkslinux
/
CBL-Mariner
mirror of https://github.com/microsoft/CBL-Mariner.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
CBL-Mariner/SPECS/selinux-policy/0001-cronyd-Add-dac_read_se...

29 lines
1.1 KiB
Diff
Raw Blame History

From 65161d23708305e48e941d791e3f6c23ce3248c4 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <Christopher.PeBenito@microsoft.com>
Date: Fri, 20 Aug 2021 18:11:23 +0000
Subject: [PATCH 01/35] cronyd: Add dac_read_search.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
---
policy/modules/services/chronyd.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
MSFT_TAG: pending
diff --git a/policy/modules/services/chronyd.te b/policy/modules/services/chronyd.te
index c984f2bb4..e914cde3f 100644
--- a/policy/modules/services/chronyd.te
+++ b/policy/modules/services/chronyd.te
@@ -54,7 +54,7 @@ logging_log_file(chronyd_var_log_t)
# chronyd local policy
#
-allow chronyd_t self:capability { chown dac_override ipc_lock setgid setuid sys_resource sys_time };
+allow chronyd_t self:capability { chown dac_read_search dac_override ipc_lock setgid setuid sys_resource sys_time };
allow chronyd_t self:process { getcap setcap setrlimit signal };
allow chronyd_t self:shm create_shm_perms;
allow chronyd_t self:fifo_file rw_fifo_file_perms;
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink