diff options
| author |   Christian Göttsche <cgzones@googlemail.com> | 2024-03-28 20:01:49 +0100 |
|---|---|---|
| committer |   Kenton Groombridge <concord@gentoo.org> | 2024-05-14 13:40:40 -0400 |
| commit | 0319547854076e2d8faa71711c7d263c0f745a2d (patch) | |
| tree | 3331de78635355de8b75667b79ac5b749a081ebf | |
| parent | Update SOS report to work on RHEL9 (diff) | |
| download | hardened-refpolicy-0319547854076e2d8faa71711c7d263c0f745a2d.tar.gz hardened-refpolicy-0319547854076e2d8faa71711c7d263c0f745a2d.tar.bz2 hardened-refpolicy-0319547854076e2d8faa71711c7d263c0f745a2d.zip | |
getty: grant checkpoint_restore
Since Linux 6.7 checkpoint-restore functionality is guareded via the
capability CAP_CHECKPOINT_RESTORE, with a fallback to CAP_SYS_ADMIN.
Grant the new capability while keeping the old one for backwards
compatibility.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
| -rw-r--r-- | policy/modules/system/getty.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te index cba1f8ab5..7ca073b89 100644 --- a/policy/modules/system/getty.te +++ b/policy/modules/system/getty.te @@ -34,6 +34,7 @@ files_tmp_file(getty_tmp_t) # Use capabilities. allow getty_t self:capability { chown dac_override fowner fsetid setgid sys_admin sys_resource sys_tty_config }; dontaudit getty_t self:capability sys_tty_config; +allow getty_t self:capability2 checkpoint_restore; allow getty_t self:process { getpgid getsession setpgid signal_perms }; allow getty_t self:fifo_file rw_fifo_file_perms; |