
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/
Date: Mon, 10 Apr 2017 16:59:34
Message-Id: 1491842699.a223ccaf9ede7fc52fdb9d5ba5a62b0c8d72ae30.swift@gentoo
1 commit: a223ccaf9ede7fc52fdb9d5ba5a62b0c8d72ae30
2 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
3 AuthorDate: Sat Apr 1 16:08:42 2017 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Mon Apr 10 16:44:59 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a223ccaf
7
8 systemd-nspawn again
9
10 This patch doesn't do everything that is needed to have systemd-nspawn work.
11 But it does everything that is needed and which I have written in a clear and
12 uncontroversial way. I think it's best to get this upstream now and then
13 either have a separate discussion about the more difficult issues, or wait
14 until I devise a way of solving those problems that's not too hacky.
15
16 Who knows, maybe someone else will devise a brilliant solution to the remaining
17 issues after this is accepted upstream.
18
19 Also there's a tiny patch for systemd_machined_t that is required by
20 systemd_nspawn_t.
21
22 Description: systemd-nspawn
23 Author: Russell Coker <russell <AT> coker.com.au>
24 Last-Update: 2017-03-29
25
26 policy/modules/kernel/devices.if | 36 ++++++++++
27 policy/modules/kernel/devices.te | 2 +-
28 policy/modules/kernel/files.if | 18 +++++
29 policy/modules/kernel/files.te | 2 +-
30 policy/modules/kernel/filesystem.if | 18 +++++
31 policy/modules/kernel/filesystem.te | 2 +-
32 policy/modules/kernel/kernel.if | 135 ++++++++++++++++++++++++++++++++++++
33 policy/modules/kernel/kernel.te | 2 +-
34 policy/modules/kernel/terminal.if | 18 +++++
35 policy/modules/kernel/terminal.te | 2 +-
36 policy/modules/system/init.if | 48 +++++++------
37 policy/modules/system/init.te | 2 +-
38 policy/modules/system/systemd.te | 119 ++++++++++++++++++++++++++++++-
39 13 files changed, 375 insertions(+), 29 deletions(-)
40
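--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4064,6 +4064,24 @@ interface(`dev_getattr_sysfs',`
 
 ########################################
 ## <summary>
+## mount a sysfs filesystem
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dev_mount_sysfs',`
+ gen_require(`
+ type sysfs_t;
+ ')
+
+ allow $1 sysfs_t:filesystem mount;
+')
+
+########################################
+## <summary>
 ## Do not audit getting the attributes of sysfs filesystem
 ## </summary>
 ## <param name="domain">
@@ -4082,6 +4100,24 @@ interface(`dev_dontaudit_getattr_sysfs',`
 
 ########################################
 ## <summary>
+## mounton sysfs directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dev_mounton_sysfs_dirs',`
+ gen_require(`
+ type sysfs_t;
+ ')
+
+ allow $1 sysfs_t:dir mounton;
+')
+
+########################################
+## <summary>
 ## Search the sysfs directories.
 ## </summary>
 ## <param name="domain">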
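Review bot: The summaries of the two new interfaces, `## mount a sysfs filesystem` and `## mounton sysfs directories.`, are lower-case and the first has no terminating period, unlike the neighbouring `## Do not audit getting the attributes of sysfs filesystem` style used for generated interface documentation. Suggest `## Mount a sysfs filesystem.` and `## Mount on sysfs directories.`. The same lower-case, unterminated summary style recurs in this commit for `files_mounton_pid_dirs` (files.if), `kernel_mount_proc` and `kernel_remount_proc` (kernel.if) and `term_mount_devpts` (terminal.if), and could be fixed in one pass.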
95
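--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,4 +1,4 @@
-policy_module(devices, 1.20.5)
+policy_module(devices, 1.20.6)
 
 ########################################
 #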
106
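--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6340,6 +6340,24 @@ interface(`files_dontaudit_getattr_pid_dirs',`
 
 ########################################
 ## <summary>
+## mounton a /var/run directory.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_mounton_pid_dirs',`
+ gen_require(`
+ type var_run_t;
+ ')
+
+ allow $1 var_run_t:dir mounton;
+')
+
+########################################
+## <summary>
 ## Set the attributes of the /var/run directory.
 ## </summary>
 ## <param name="domain">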
136
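--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,4 +1,4 @@
-policy_module(files, 1.23.8)
+policy_module(files, 1.23.9)
 
 ########################################
 #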
147
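--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -4160,6 +4160,24 @@ interface(`fs_mounton_tmpfs',`
 
 ########################################
 ## <summary>
+## Mount on tmpfs files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_mounton_tmpfs_files',`
+ gen_require(`
+ type tmpfs_t;
+ ')
+
+ allow $1 tmpfs_t:file mounton;
+')
+
+########################################
+## <summary>
 ## Set the attributes of tmpfs directories.
 ## </summary>
 ## <param name="domain">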
177
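--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -1,4 +1,4 @@
-policy_module(filesystem, 1.22.5)
+policy_module(filesystem, 1.22.6)
 
 ########################################
 #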
188
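--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -828,6 +828,42 @@ interface(`kernel_mount_kvmfs',`
 
 ########################################
 ## <summary>
+## mount the proc filesystem.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`kernel_mount_proc',`
+ gen_require(`
+ type proc_t;
+ ')
+
+ allow $1 proc_t:filesystem mount;
+')
+
+########################################
+## <summary>
+## remount the proc filesystem.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`kernel_remount_proc',`
+ gen_require(`
+ type proc_t;
+ ')
+
+ allow $1 proc_t:filesystem remount;
+')
+
+########################################
+## <summary>
 ## Unmount the proc filesystem.
 ## </summary>
 ## <param name="domain">
@@ -864,6 +900,25 @@ interface(`kernel_getattr_proc',`
 
 ########################################
 ## <summary>
+## Mount on proc directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_mounton_proc',`
+ gen_require(`
+ type proc_t;
+ ')
+
+ allow $1 proc_t:dir mounton;
+')
+
+########################################
+## <summary>
 ## Do not audit attempts to set the
 ## attributes of directories in /proc.
 ## </summary>
@@ -1306,6 +1361,26 @@ interface(`kernel_dontaudit_getattr_message_if',`
 
 ########################################
 ## <summary>
+## Mount on kernel message interfaces files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_mounton_message_if',`
+ gen_require(`
+ type proc_t, proc_kmsg_t;
+ ')
+
+ allow $1 proc_t:dir list_dir_perms;
+ allow $1 proc_kmsg_t:file { getattr mounton };
+')
+
+########################################
+## <summary>
 ## Do not audit attempts to search the network
 ## state directory.
 ## </summary>
@@ -1557,6 +1632,26 @@ interface(`kernel_dontaudit_search_sysctl',`
 
 ########################################
 ## <summary>
+## Mount on sysctl_t dirs.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_mounton_sysctl_dirs',`
+ gen_require(`
+ type proc_t, sysctl_t;
+ ')
+
+ allow $1 proc_t:dir list_dir_perms;
+ allow $1 sysctl_t:dir { getattr mounton };
+')
+
+########################################
+## <summary>
 ## Allow access to read sysctl directories.
 ## </summary>
 ## <param name="domain">
@@ -1577,6 +1672,26 @@ interface(`kernel_read_sysctl',`
 
 ########################################
 ## <summary>
+## Mount on sysctl files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_mounton_sysctl_files',`
+ gen_require(`
+ type proc_t, sysctl_t;
+ ')
+
+ allow $1 { proc_t sysctl_t }:dir list_dir_perms;
+ allow $1 sysctl_t:file { getattr mounton };
+')
+
+########################################
+## <summary>
 ## Allow caller to read the device sysctls.
 ## </summary>
 ## <param name="domain">
@@ -2021,6 +2136,26 @@ interface(`kernel_rw_kernel_sysctl',`
 list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
 ')
 
+#######################################
+## <summary>
+## Mount on kernel sysctl files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_mounton_kernel_sysctl_files',`
+ gen_require(`
+ type proc_t, sysctl_t, sysctl_kernel_t;
+ ')
+
+ allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir list_dir_perms;
+ allow $1 sysctl_kernel_t:file { getattr mounton };
+')
+
 ########################################
 ## <summary>
 ## Search filesystem sysctl directories.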
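Review bot: The five new `kernel_mounton_*` interfaces (`kernel_mounton_proc`, `kernel_mounton_message_if`, `kernel_mounton_sysctl_dirs`, `kernel_mounton_sysctl_files`, `kernel_mounton_kernel_sysctl_files`) each carry a `## <rolecap/>` tag, while `kernel_mount_proc` and `kernel_remount_proc` added in the same file do not. As I understand refpolicy's interface metadata, that tag advertises the interface as a capability that may be handed to user roles; letting a user domain mount over /proc, /proc/kmsg or /proc/sys directories looks unintended for a role capability, so either drop the `## <rolecap/>` line from those five interfaces or document in their summaries why a role should be able to obtain it. The separator line above `kernel_mounton_kernel_sysctl_files` also appears one `#` shorter than the surrounding `########################################` separators. Finally, `kernel_mounton_sysctl_dirs` requires `proc_t` only to grant `list_dir_perms` on it, which matches `kernel_mounton_message_if` but differs from `kernel_mounton_proc`, which grants no parent search; a one-line comment on the reason for the difference would help future readers.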
370
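--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -1,4 +1,4 @@
-policy_module(kernel, 1.22.0)
+policy_module(kernel, 1.22.1)
 
 ########################################
 #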
381
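--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -133,6 +133,24 @@ interface(`term_user_tty',`
 
 ########################################
 ## <summary>
+## mount a devpts_t filesystem
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process to mount it
+## </summary>
+## </param>
+#
+interface(`term_mount_devpts',`
+ gen_require(`
+ type devpts_t;
+ ')
+
+ allow $1 devpts_t:filesystem mount;
+')
+
+########################################
+## <summary>
 ## Create a pty in the /dev/pts directory.
 ## </summary>
 ## <param name="domain">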
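Review bot: The `domain` parameter of `term_mount_devpts` is documented as `## The type of the process to mount it`, whereas every other interface in this commit and the surrounding file uses the standard `## Domain allowed access.` wording, and the summary `## mount a devpts_t filesystem` is lower-case with no terminating period. Suggest `## Mount a devpts filesystem.` for the summary and `## Domain allowed access.` for the parameter so the generated interface documentation stays uniform.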
411
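--- a/policy/modules/kernel/terminal.te
+++ b/policy/modules/kernel/terminal.te
@@ -1,4 +1,4 @@
-policy_module(terminal, 1.16.1)
+policy_module(terminal, 1.16.2)
 
 ########################################
 #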
422
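--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -828,6 +828,7 @@ interface(`init_dgram_send',`
 
 dgram_send_pattern($1, init_var_run_t, init_var_run_t, init_t)
 files_search_pids($1)
+ allow $1 init_t:unix_stream_socket getattr;
 ')
 
 ########################################
@@ -1111,21 +1112,6 @@ interface(`init_relabel_var_lib_dirs',`
 ## Domain allowed access.
 ## </summary>
 ## </param>
-## <param name="file_type">
-## <summary>
-## The type of the object to be created
-## </summary>
-## </param>
-## <param name="object_class">
-## <summary>
-## The object class.
-## </summary>
-## </param>
-## <param name="name" optional="true">
-## <summary>
-## The name of the object being created.
-## </summary>
-## </param>
 #
 interface(`init_manage_var_lib_files',`
 gen_require(`
@@ -1513,6 +1499,24 @@ interface(`init_script_file_domtrans',`
 
 ########################################
 ## <summary>
+## Send a kill signal to init scripts.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_kill_scripts',`
+ gen_require(`
+ type initrc_t;
+ ')
+
+ allow $1 initrc_t:process sigkill;
+')
+
+########################################
+## <summary>
 ## Allow manage service for initrc_exec_t scripts
 ## </summary>
 ## <param name="domain">
@@ -1662,14 +1666,14 @@ interface(`init_startstop_service',`
 #
 interface(`init_run_daemon',`
 gen_require(`
- attribute init_script_file_type;
+ attribute init_script_file_type;
 role system_r;
 ')
 
 allow $2 system_r;
 
- init_all_labeled_script_domtrans($1)
- role_transition $2 init_script_file_type system_r;
+ init_all_labeled_script_domtrans($1)
+ role_transition $2 init_script_file_type system_r;
 ')
 
 ########################################
@@ -2649,11 +2653,11 @@ interface(`init_delete_pid_files',`
 ## </param>
 #
 interface(`init_write_pid_socket',`
- gen_require(`
- type init_var_run_t;
- ')
+ gen_require(`
+ type init_var_run_t;
+ ')
 
- allow $1 init_var_run_t:sock_file write;
+ allow $1 init_var_run_t:sock_file write;
 ')
 
 ########################################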
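Review bot: The line `allow $1 init_t:unix_stream_socket getattr;` added to `init_dgram_send` widens an interface whose name describes sending datagrams to init, and neither the hunk nor the commit message says which caller needs getattr on init's stream sockets. A why-comment on that line naming the caller, along the lines of `# <caller> also stats init's stream socket when sending notifications — confirm`, would keep the interface's documented scope honest; alternatively a separate `init_getattr_*` style interface would avoid granting it to every existing `init_dgram_send` user. The enclosing interface starts before the hunk, so its `<summary>` is not visible here and may also need updating. The whitespace-only rewrites of `init_run_daemon` and `init_write_pid_socket` and the removal of stale parameter docs from `init_manage_var_lib_files` look fine.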
516
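--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,4 +1,4 @@
-policy_module(init, 2.2.13)
+policy_module(init, 2.2.14)
 
 gen_require(`
 class passwd rootok;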
527
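--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1,4 +1,4 @@
-policy_module(systemd, 1.3.14)
+policy_module(systemd, 1.3.15)
 
 #########################################
 #
@@ -472,6 +472,9 @@ init_service_start(systemd_machined_t)
 init_service_status(systemd_machined_t)
 init_start_system(systemd_machined_t)
 init_stop_system(systemd_machined_t)
+init_get_generic_units_status(systemd_machined_t)
+init_start_generic_units(systemd_machined_t)
+init_stop_generic_units(systemd_machined_t)
 
 logging_send_syslog_msg(systemd_machined_t)
 
@@ -513,8 +516,122 @@ miscfiles_read_localization(systemd_notify_t)
 # Nspawn local policy
 #
 
+allow systemd_nspawn_t self:process { getcap setcap setfscreate sigkill };
+allow systemd_nspawn_t self:capability { dac_override fsetid mknod net_admin setgid setuid setpcap sys_admin sys_chroot };
+allow systemd_nspawn_t self:capability2 wake_alarm;
+allow systemd_nspawn_t self:unix_dgram_socket connected_socket_perms;
+
+allow systemd_nspawn_t systemd_journal_t:dir search;
+
+allow systemd_nspawn_t systemd_machined_t:dbus send_msg;
+
+allow systemd_nspawn_t systemd_nspawn_var_run_t:dir manage_dir_perms;
+allow systemd_nspawn_t systemd_nspawn_var_run_t:file manage_file_perms;
 init_pid_filetrans(systemd_nspawn_t, systemd_nspawn_var_run_t, dir)
 
+# for /run/systemd/nspawn/incoming in chroot
+allow systemd_nspawn_t systemd_nspawn_var_run_t:dir mounton;
+
+kernel_mount_proc(systemd_nspawn_t)
+kernel_mounton_sysctl_dirs(systemd_nspawn_t)
+kernel_mounton_kernel_sysctl_files(systemd_nspawn_t)
+kernel_mounton_message_if(systemd_nspawn_t)
+kernel_mounton_proc(systemd_nspawn_t)
+kernel_mounton_sysctl_dirs(systemd_nspawn_t)
+kernel_read_kernel_sysctls(systemd_nspawn_t)
+kernel_read_system_state(systemd_nspawn_t)
+kernel_remount_proc(systemd_nspawn_t)
+kernel_unconfined(systemd_nspawn_t)
+
+corecmd_exec_shell(systemd_nspawn_t)
+corecmd_search_bin(systemd_nspawn_t)
+
+corenet_rw_tun_tap_dev(systemd_nspawn_t)
+
+dev_getattr_fs(systemd_nspawn_t)
+dev_manage_sysfs_dirs(systemd_nspawn_t)
+dev_mounton_sysfs_dirs(systemd_nspawn_t)
+dev_mount_sysfs(systemd_nspawn_t)
+dev_read_rand(systemd_nspawn_t)
+dev_read_urand(systemd_nspawn_t)
+
+files_getattr_tmp_dirs(systemd_nspawn_t)
+files_manage_etc_files(systemd_nspawn_t)
+files_manage_mnt_dirs(systemd_nspawn_t)
+files_mounton_mnt(systemd_nspawn_t)
+files_mounton_root(systemd_nspawn_t)
+files_mounton_tmp(systemd_nspawn_t)
+files_setattr_pid_dirs(systemd_nspawn_t)
+
+fs_getattr_tmpfs(systemd_nspawn_t)
+fs_manage_tmpfs_chr_files(systemd_nspawn_t)
+fs_mount_tmpfs(systemd_nspawn_t)
+fs_remount_tmpfs(systemd_nspawn_t)
+fs_search_cgroup_dirs(systemd_nspawn_t)
+
+term_getattr_generic_ptys(systemd_nspawn_t)
+term_getattr_pty_fs(systemd_nspawn_t)
+term_mount_devpts(systemd_nspawn_t)
+term_search_ptys(systemd_nspawn_t)
+term_setattr_generic_ptys(systemd_nspawn_t)
+term_use_ptmx(systemd_nspawn_t)
+
+init_domtrans_script(systemd_nspawn_t)
+init_kill_scripts(systemd_nspawn_t)
+init_read_state(systemd_nspawn_t)
+init_search_run(systemd_nspawn_t)
+init_write_pid_socket(systemd_nspawn_t)
+init_spec_domtrans_script(systemd_nspawn_t)
+
+miscfiles_manage_localization(systemd_nspawn_t)
+
+# for writing inside chroot
+sysnet_manage_config(systemd_nspawn_t)
+
+userdom_manage_user_home_dirs(systemd_nspawn_t)
+
+tunable_policy(`systemd_nspawn_labeled_namespace',`
+ corecmd_exec_shell(systemd_nspawn_t)
+
+ dev_mounton(systemd_nspawn_t)
+ dev_setattr_generic_dirs(systemd_nspawn_t)
+
+ files_search_home(systemd_nspawn_t)
+ files_mounton_pid_dirs(systemd_nspawn_t)
+
+ fs_getattr_cgroup(systemd_nspawn_t)
+ fs_manage_cgroup_dirs(systemd_nspawn_t)
+ fs_manage_tmpfs_dirs(systemd_nspawn_t)
+ fs_manage_tmpfs_files(systemd_nspawn_t)
+ fs_manage_tmpfs_symlinks(systemd_nspawn_t)
+ fs_mount_cgroup(systemd_nspawn_t)
+ fs_mounton_cgroup(systemd_nspawn_t)
+ fs_mounton_tmpfs(systemd_nspawn_t)
+ fs_mounton_tmpfs_files(systemd_nspawn_t)
+ fs_remount_cgroup(systemd_nspawn_t)
+ fs_search_tmpfs(systemd_nspawn_t)
+ fs_write_cgroup_files(systemd_nspawn_t)
+
+ selinux_getattr_fs(systemd_nspawn_t)
+ selinux_search_fs(systemd_nspawn_t)
+
+ init_domtrans(systemd_nspawn_t)
+
+ logging_search_logs(systemd_nspawn_t)
+
+ seutil_search_default_contexts(systemd_nspawn_t)
+')
+
+optional_policy(`
+ allow systemd_machined_t systemd_nspawn_t:dbus send_msg;
+
+ dbus_system_bus_client(systemd_nspawn_t)
+')
+
+optional_policy(`
+ virt_manage_virt_content(systemd_nspawn_t)
+')
+
 #######################################
 #
 # systemd_passwd_agent_t local policy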
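Review bot: `kernel_mounton_sysctl_dirs(systemd_nspawn_t)` is listed twice in the unconditional nspawn block, and `corecmd_exec_shell(systemd_nspawn_t)` appears unconditionally and then again inside the `systemd_nspawn_labeled_namespace` tunable, so the second copy of each can be dropped. More significantly, `kernel_unconfined(systemd_nspawn_t)` gives the domain unconfined access to kernel-managed objects (proc and sysctl types among them), which as far as I can tell makes the carefully scoped `kernel_mount_proc`, `kernel_remount_proc`, `kernel_mounton_*` and `kernel_read_kernel_sysctls` calls beside it redundant and leaves systemd_nspawn_t effectively unconfined towards the kernel on top of the `sys_admin`, `sys_chroot`, `mknod` and `dac_override` capabilities already granted. If this is a stopgap for the "more difficult issues" the commit message defers, say so next to it, e.g. `# TODO: drop kernel_unconfined once the remaining proc/sysctl accesses are enumerated`, otherwise prefer keeping only the specific interfaces. The unconditional `files_manage_etc_files`, `sysnet_manage_config` and `userdom_manage_user_home_dirs` also write host-labelled content unless the container tree is labelled separately, so the `# for writing inside chroot` comment understates the host-side access being accepted.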