@@ -1,4 +1,4 @@
-From 1096b2eb1172506006691e90769e51a086b8374f Mon Sep 17 00:00:00 2001
+From 4784a7fe74fd3842c1ade228e148cd6f5d6fd22e Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Tue, 30 Jun 2020 10:45:57 +0800
Subject: [PATCH] fc: add fcontext for init scripts and systemd service files
@@ -34,11 +34,11 @@ index 382c067f9..0ecc5acc4 100644
/usr/bin/rngd -- gen_context(system_u:object_r:rngd_exec_t,s0)
diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc
-index 75c2f0617..fa881ba2e 100644
+index 18c204908..95f06d8de 100644
--- a/policy/modules/services/rpc.fc
+++ b/policy/modules/services/rpc.fc
-@@ -1,7 +1,9 @@
- /etc/exports -- gen_context(system_u:object_r:exports_t,s0)
+@@ -2,7 +2,9 @@
+ /etc/exports\.d(/.*)? -- gen_context(system_u:object_r:exports_t,s0)
/etc/rc\.d/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/nfsserver -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)
@@ -1,4 +1,4 @@
-From 2824a6c927bf6df4be997a138a27d159d533d08b Mon Sep 17 00:00:00 2001
+From b8b80a2a07c451a1c9dfc166efcd7985f7a0a966 Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Fri, 8 Dec 2023 14:16:26 +0800
Subject: [PATCH] policy/modules/system/authlogin: fix login errors after
@@ -45,27 +45,27 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
-index cd34cd9dd..b867f58b9 100644
+index dce1a0ea9..c55cdfc09 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
-@@ -75,7 +75,7 @@ template(`su_restricted_domain_template', `
+@@ -76,7 +76,7 @@ template(`su_restricted_domain_template', `
selinux_compute_access_vector($1_su_t)
auth_domtrans_chk_passwd($1_su_t)
- auth_dontaudit_read_shadow($1_su_t)
+ auth_read_shadow($1_su_t)
auth_use_nsswitch($1_su_t)
+ auth_create_faillog_files($1_su_t)
auth_rw_faillog($1_su_t)
-
-@@ -176,7 +176,7 @@ template(`su_role_template',`
+@@ -183,7 +183,7 @@ template(`su_role_template',`
selinux_use_status_page($1_su_t)
auth_domtrans_chk_passwd($1_su_t)
- auth_dontaudit_read_shadow($1_su_t)
+ auth_read_shadow($1_su_t)
auth_use_nsswitch($1_su_t)
+ auth_create_faillog_files($1_su_t)
auth_rw_faillog($1_su_t)
-
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 3a5d1ac3e..f9d50a8d4 100644
--- a/policy/modules/system/authlogin.te
@@ -2,7 +2,7 @@ PV = "2.20231002+git${SRCPV}"
SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy"
-SRCREV_refpolicy ?= "d7d41288b162b8786de844bde6daac25e4485565"
+SRCREV_refpolicy ?= "504feb7a98e2e70f774d6fe7107b5d1a5f2c6124"
UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)"
Update to latest rev to fix policy for systemd 255. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> --- ...ontext-for-init-scripts-and-systemd-service.patch | 8 ++++---- ...dules-system-authlogin-fix-login-errors-aft.patch | 12 ++++++------ recipes-security/refpolicy/refpolicy_git.inc | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-)