Skip to content

kernel/files.fc: Label /run/motd as etc_t #232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 3, 2018
Merged

kernel/files.fc: Label /run/motd as etc_t #232

merged 1 commit into from
Dec 3, 2018

Conversation

rfairley
Copy link
Contributor

This allows sshd to read /run/motd, with
upstream edits to PAM (linux-pam/linux-pam#69).

Following up to #230, this allows /run/motd to be read by sshd as well as /run/motd.d. This is so that changes in upstream PAM linux-pam/linux-pam#69 (specifically the default behaviour of trying to display /etc/motd, /run/motd, then /usr/lib/motd) can take effect.

Related: Once the RPM patch at https://src.fedoraproject.org/rpms/pam/pull-request/5 lands, this can be used in Rawhide.

cc @dustymabe, @lucab, @LorbusChris feel free to review :)

kernel/files.fc: Label /run/motd as etc_t
570a5f0 
This allows sshd to read /run/motd, with
upstream edits to PAM (linux-pam/linux-pam#69).
@lucab
Copy link

lucab commented Nov 29, 2018

From a cursory glance, it looks fine. Did you do a test-run with this policy?

@rfairley
Copy link
Contributor Author

@lucab thanks! I have only done chcon -t etc_t /run/motd to verify giving the etc_t type does permit sshd to read it. Will try testing with the policy that has these changes loaded.

@wrabcak wrabcak self-assigned this Dec 3, 2018
@wrabcak
Copy link
Member

wrabcak commented Dec 3, 2018

LGTM

@wrabcak wrabcak merged commit 473a8bf into fedora-selinux:rawhide Dec 3, 2018
@wrabcak
Copy link
Member

wrabcak commented Dec 3, 2018

Backported also to Fedora 29 and Fedora 28

@dustymabe dustymabe mentioned this pull request Dec 3, 2018
Merged
3 tasks
@rfairley rfairley deleted the rfairley-sshd-run branch December 7, 2018 15:57
@rfairley rfairley mentioned this pull request Jan 17, 2019
Closed
rfairley pushed a commit to rfairley/selinux-policy that referenced this pull request Jan 22, 2019
kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as etc_t
c1ceeb0 
This fixes changes in fedora-selinux#230 and fedora-selinux#232 which conflicted due to the
/var/run and /run equivalency, causing the etc_t label not to be
applied/

Fixes: fedora-selinux#242
rfairley pushed a commit to rfairley/selinux-policy that referenced this pull request Jan 22, 2019
kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as etc_t
bab13eb 
This fixes changes in fedora-selinux#230 and fedora-selinux#232 which conflicted due to the
/var/run and /run equivalency, causing the etc_t label not to be
applied.

Fixes: fedora-selinux#242
@rfairley rfairley mentioned this pull request Jan 22, 2019
Merged
rfairley pushed a commit to rfairley/selinux-policy that referenced this pull request Jan 24, 2019
kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as pam…
f1fbb25 
…_var_run_t

This fixes changes in fedora-selinux#230 and fedora-selinux#232 which conflicted due to the
/var/run and /run equivalency, causing the etc_t label not to be
applied. It also applies a more appropriate label, pam_var_run_t.

Fixes: fedora-selinux#242
rfairley pushed a commit to rfairley/selinux-policy that referenced this pull request Jan 24, 2019
kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as pam…
0b12468 
…_var_run_t

This fixes changes in fedora-selinux#230 and fedora-selinux#232 which conflicted due to the
/var/run and /run equivalency, causing the etc_t label not to be
applied. It also applies a more appropriate label, pam_var_run_t.

Fixes: fedora-selinux#242
wrabcak pushed a commit that referenced this pull request Feb 21, 2019
@wrabcak
kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as pam…
953b598 
…_var_run_t

This fixes changes in #230 and #232 which conflicted due to the
/var/run and /run equivalency, causing the etc_t label not to be
applied. It also applies a more appropriate label, pam_var_run_t.

Fixes: #242
wrabcak pushed a commit that referenced this pull request Feb 21, 2019
@wrabcak
kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as pam…
4b909cd 
…_var_run_t

This fixes changes in #230 and #232 which conflicted due to the
/var/run and /run equivalency, causing the etc_t label not to be
applied. It also applies a more appropriate label, pam_var_run_t.

Fixes: #242
zpytela pushed a commit to zpytela/selinux-policy that referenced this pull request Mar 21, 2019
@zpytela
kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as pam…
b6b871d 
…_var_run_t

This fixes changes in fedora-selinux#230 and fedora-selinux#232 which conflicted due to the
/var/run and /run equivalency, causing the etc_t label not to be
applied. It also applies a more appropriate label, pam_var_run_t.

Fixes: fedora-selinux#242
zpytela pushed a commit to zpytela/selinux-policy that referenced this pull request Mar 27, 2019
@zpytela
kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as pam…
a6377bc 
…_var_run_t

This fixes changes in fedora-selinux#230 and fedora-selinux#232 which conflicted due to the
/var/run and /run equivalency, causing the etc_t label not to be
applied. It also applies a more appropriate label, pam_var_run_t.

Fixes: fedora-selinux#242
zpytela pushed a commit to zpytela/selinux-policy that referenced this pull request Apr 17, 2019
@zpytela
kernel/files.fc: Label /var/run/motd.d(./*)? and /var/run/motd as pam…
00764ee 
…_var_run_t

This fixes changes in fedora-selinux#230 and fedora-selinux#232 which conflicted due to the
/var/run and /run equivalency, causing the etc_t label not to be
applied. It also applies a more appropriate label, pam_var_run_t.

Fixes: fedora-selinux#242
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wrabcak wrabcak

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rfairley @lucab @wrabcak