From 776da889b550ac9e5be414a8cc10fd86b1923264 Mon Sep 17 00:00:00 2001 From: Joe MacDonald Date: Mon, 8 Apr 2019 13:50:40 -0400 Subject: refpolicy: update to 2.20190201 and git HEAD policies Additionally, the README has fallen out of date, update it to reflect the current reality of layer dependencies. Signed-off-by: Joe MacDonald --- ...ule-rpc-allow-nfsd-to-exec-shell-commands.patch | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy-git/0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch (limited to 'recipes-security/refpolicy/refpolicy-git/0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch') diff --git a/recipes-security/refpolicy/refpolicy-git/0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch b/recipes-security/refpolicy/refpolicy-git/0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch new file mode 100644 index 0000000..01f6c8b --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-git/0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch @@ -0,0 +1,29 @@ +From bc1f2fba24fb63cd9a65ec22b34fcc59798bbaff Mon Sep 17 00:00:00 2001 +From: Xin Ouyang +Date: Thu, 22 Aug 2013 13:37:23 +0800 +Subject: [PATCH 24/34] policy/module/rpc: allow nfsd to exec shell commands. + +Upstream-Status: Inappropriate [only for Poky] + +Signed-off-by: Xin Ouyang +Signed-off-by: Joe MacDonald +--- + policy/modules/services/rpc.te | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te +index 47fa2fd0..d4209231 100644 +--- a/policy/modules/services/rpc.te ++++ b/policy/modules/services/rpc.te +@@ -227,7 +227,7 @@ kernel_read_network_state(nfsd_t) + kernel_dontaudit_getattr_core_if(nfsd_t) + kernel_setsched(nfsd_t) + kernel_request_load_module(nfsd_t) +-# kernel_mounton_proc(nfsd_t) ++kernel_mounton_proc(nfsd_t) + + corenet_sendrecv_nfs_server_packets(nfsd_t) + corenet_tcp_bind_nfs_port(nfsd_t) +-- +2.19.1 + -- cgit v1.2.3-54-g00ecf