
[meta-selinux,whinlatter] refpolicy: add auth_create_lastlog, auth_delete_lastlog

Message ID b7680b5a-775b-4684-8219-00b9346b4602@gmail.com
State New

Commit Message

Clayton Casciato March 19, 2026, 1:36 a.m. UTC
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
---
 ...ystem-authlogin-add-auth_create_last.patch | 61 +++++++++++++++++++
 .../refpolicy/refpolicy_common.inc            |  1 +
 2 files changed, 62 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy/0060-policy-modules-system-authlogin-add-auth_create_last.patch

Patch

diff --git a/recipes-security/refpolicy/refpolicy/0060-policy-modules-system-authlogin-add-auth_create_last.patch b/recipes-security/refpolicy/refpolicy/0060-policy-modules-system-authlogin-add-auth_create_last.patch
new file mode 100644
index 0000000..17a7ab5
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0060-policy-modules-system-authlogin-add-auth_create_last.patch
@@ -0,0 +1,61 @@ 
+From 7c65b04395acf164874731a674335e1b543c3a7e Mon Sep 17 00:00:00 2001
+From: Clayton Casciato <ccasciato@21sw.us>
+Date: Thu, 15 Jan 2026 16:26:29 -0700
+Subject: [PATCH] authlogin: add auth_create_lastlog and auth_delete_lastlog
+
+Signed-off-by: Clayton Casciato <ccasciato@21sw.us>
+
+Upstream-Status: Backport [https://github.com/SELinuxProject/refpolicy/commit/1f0dbdbef203295d2c7f968608697121f18af348]
+
+Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
+---
+ policy/modules/system/authlogin.if | 36 ++++++++++++++++++++++++++++++
+ 1 file changed, 36 insertions(+)
+
+diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
+index 35e6e7c2f..bb282024c 100644
+--- a/policy/modules/system/authlogin.if
++++ b/policy/modules/system/authlogin.if
+@@ -1073,6 +1073,42 @@ interface(`auth_rw_lastlog',`
+ 	allow $1 lastlog_t:file { lock rw_file_perms setattr };
+ ')
+ 
++#######################################
++## <summary>
++##	Create the last logins log.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`auth_create_lastlog',`
++	gen_require(`
++		type lastlog_t;
++	')
++
++	create_files_pattern($1, lastlog_t, lastlog_t)
++')
++
++#######################################
++## <summary>
++##	Delete the last logins log.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`auth_delete_lastlog',`
++	gen_require(`
++		type lastlog_t;
++	')
++
++	delete_files_pattern($1, lastlog_t, lastlog_t)
++')
++
+ ########################################
+ ## <summary>
+ ##     Manage the last logins log.
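Review bot: The doc blocks for `auth_create_lastlog` and `auth_delete_lastlog` in the embedded authlogin.if hunk do not mention that both pattern calls pass `lastlog_t` as the directory type as well as the file type, so the rules only take effect where the parent directory is itself labelled `lastlog_t`, unlike the plain `lastlog_t:file` rule visible in `auth_rw_lastlog` just above. That presumably depends on the directory labelling carried by patch 0059 in SRC_URI, which is not shown here; a summary such as `Create the last logins log in a lastlog_t directory.` (with the matching line for delete) would make the dependency explicit. Since the last logins log is login evidence, a comment on `auth_delete_lastlog` along the lines of `# Grant only to domains that must remove the log; deletion discards last-login records.` would help callers keep the grant narrow. As this is a backport, any wording change is best proposed upstream first so the carried patch stays identical to the referenced commit.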
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index e65edcf..b69cc31 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -75,6 +75,7 @@  SRC_URI += " \
         file://0057-policy-modules-system-logging-allow-syslogd_t-syslog.patch \
         file://0058-policy-modules-system-logging-allow-miscfiles_read_g.patch \
         file://0059-policy-modules-system-authlogin-label-var_lib_lastlo.patch \
+        file://0060-policy-modules-system-authlogin-add-auth_create_last.patch \
         "
 
 S = "${UNPACKDIR}/refpolicy"