diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if |
|
index b6debf340..329eb3922 100644 |
|
--- a/policy/modules/admin/sudo.if |
|
+++ b/policy/modules/admin/sudo.if |
|
@@ -55,6 +55,7 @@ template(`sudo_role_template',` |
|
files_tmp_filetrans($1_sudo_t, $1_sudo_tmp_t, file) |
|
|
|
allow $1_sudo_t $3:dir search_dir_perms;; |
|
+ allow $1_sudo_t $3:file read_file_perms;; |
|
allow $1_sudo_t $3:key search; |
|
|
|
# Enter this derived domain from the user domain |
|
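Review bot: The added rule ends in `;;`, copying the stray double semicolon from the `dir search_dir_perms` line above it; it should read `allow $1_sudo_t $3:file read_file_perms;`. The rule also carries no comment saying which files of type `$3` the sudo domain needs to read. If `$3` is the calling user domain, as the neighbouring `dir` and `key` rules suggest, these are presumably that domain's /proc/PID entries, and the grant covers every process of that type rather than only the caller. A one-line comment such as `# read /proc state of the invoking domain (needed for: <AVC or bug reference>)` would let a later reviewer judge whether the access can be narrowed. The template body starts and ends outside the hunk.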
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te |
|
index c03a52c04..8569b19db 100644 |
|
--- a/policy/modules/roles/staff.te |
|
+++ b/policy/modules/roles/staff.te |
|
@@ -55,6 +55,7 @@ storage_read_scsi_generic(staff_t) |
|
storage_write_scsi_generic(staff_t) |
|
|
|
term_use_unallocated_ttys(staff_t) |
|
+term_use_generic_ptys(staff_t) |
|
|
|
auth_domtrans_pam_console(staff_t) |
|
|
|
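Review bot: `term_use_generic_ptys(staff_t)` gives staff_t read/write access to ptys that still carry the generic pty label, meaning ptys that were never relabelled to a per-user type such as `user_devpts_t`, and the new line gives no reason for it. Any domain allowed to use generic ptys can interact with a terminal left at that label by another domain, so this weakens the terminal separation the per-user pty types provide. The same applies to the `term_use_generic_ptys(confined_admindomain)` line in the userdomain.te hunk. Please add a comment naming the denial or use case behind it, for example `# needed for <program>: <AVC reference>`. If the access is only wanted to silence noise, consider the dontaudit form instead, provided this policy has one.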
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te |
|
index cceb511fc..f5139efd2 100644 |
|
--- a/policy/modules/system/userdomain.te |
|
+++ b/policy/modules/system/userdomain.te |
|
@@ -381,6 +381,7 @@ dontaudit confined_admindomain self:socket create; |
|
|
|
allow confined_admindomain user_devpts_t:chr_file { setattr rw_chr_file_perms }; |
|
term_create_pty(confined_admindomain, user_devpts_t) |
|
+term_use_generic_ptys(confined_admindomain) |
|
# avoid annoying messages on terminal hangup on role change |
|
dontaudit confined_admindomain user_devpts_t:chr_file ioctl; |
|
|
|
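Review bot: The new `term_use_generic_ptys(confined_admindomain)` line applies to every type carrying the `confined_admindomain` attribute, so this one line changes more than any single role file does. If staff_t is a member of that attribute (not visible in this hunk), the separate `term_use_generic_ptys(staff_t)` line in staff.te is redundant and one of the two can be dropped. The line is also placed directly above `# avoid annoying messages on terminal hangup on role change`, which describes the `dontaudit` that follows, so the comment now appears to head the new rule as well. A blank line after the new call, plus a comment of its own, would keep the two apart.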
|