File fix_cockpit.patch of Package selinux-policy

Overview Repositories Revisions Requests Users Attributes Meta

File fix_cockpit.patch of Package selinux-policy

From d63e6cf43bfe32d53b371b6920d4c09431647ddd Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 28 Apr 2021 17:09:49 +0200
Subject: [PATCH] cockpit: allow cockpit socket to bind nodes

Looks like this setting is implicit with kerberos enabled.
cockpit.socket fails to start if kerberos_enabled=false
---
 policy/modules/contrib/cockpit.te | 2 ++
 1 file changed, 2 insertions(+)

Index: fedora-policy-20210716/policy/modules/contrib/cockpit.te
===================================================================
--- fedora-policy-20210716.orig/policy/modules/contrib/cockpit.te
+++ fedora-policy-20210716/policy/modules/contrib/cockpit.te
@@ -51,7 +51,9 @@ can_exec(cockpit_ws_t,cockpit_session_ex
 dev_read_urand(cockpit_ws_t) # for authkey
 dev_read_rand(cockpit_ws_t)  # for libssh
 
+# cockpit-ws allows connections on websm port
 corenet_tcp_bind_websm_port(cockpit_ws_t)
+corenet_tcp_bind_generic_node(cockpit_ws_t)
 
 # cockpit-ws can connect to other hosts via ssh
 corenet_tcp_connect_ssh_port(cockpit_ws_t)
Index: fedora-policy-20210716/policy/modules/contrib/cockpit.fc
===================================================================
--- fedora-policy-20210716.orig/policy/modules/contrib/cockpit.fc
+++ fedora-policy-20210716/policy/modules/contrib/cockpit.fc
@@ -3,12 +3,12 @@
 /usr/lib/systemd/system/cockpit.*		--	gen_context(system_u:object_r:cockpit_unit_file_t,s0)
 /etc/systemd/system/cockpit.*	--	gen_context(system_u:object_r:cockpit_unit_file_t,s0)
 
-/usr/libexec/cockpit-ws		--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
-/usr/libexec/cockpit-tls	--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
-/usr/libexec/cockpit-wsinstance-factory	--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+/usr/lib(exec)?/cockpit-ws		--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+/usr/lib(exec)?/cockpit-tls	--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+/usr/lib(exec)?/cockpit-wsinstance-factory	--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
 
-/usr/libexec/cockpit-session	--	gen_context(system_u:object_r:cockpit_session_exec_t,s0)
-/usr/libexec/cockpit-ssh	--	gen_context(system_u:object_r:cockpit_session_exec_t,s0)
+/usr/lib(exec)?/cockpit-session	--	gen_context(system_u:object_r:cockpit_session_exec_t,s0)
+/usr/lib(exec)?/cockpit-ssh	--	gen_context(system_u:object_r:cockpit_session_exec_t,s0)
 
 /usr/share/cockpit/motd/update-motd    -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0)

Places

File fix_cockpit.patch of Package selinux-policy

Places