RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow systemd-tmpfilesd to set attributes of /var/lock 

Fixes:

avc:  denied  { setattr } for pid= comm="systemd-tmpfile" name="lock"
dev="tmpfs" ino= scontext=system_u:system_r:systemd_tmpfiles_t:s0
tcontext=system_u:object_r:var_lock_t:s0 tclass=dir

Signed-off-by: Krzysztof Nowicki <krissn@op.pl>
This commit is contained in:
Krzysztof Nowicki 2021-02-03 16:02:11 +01:00
parent 900a51f134
commit 017d9750a4
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/system/systemd.te
View File

@ -1330,6 +1330,7 @@ files_relabel_var_lib_dirs(systemd_tmpfiles_t)
files_relabelfrom_home(systemd_tmpfiles_t)
files_relabelto_home(systemd_tmpfiles_t)
files_relabelto_etc_dirs(systemd_tmpfiles_t)
files_setattr_lock_dirs(systemd_tmpfiles_t)
# for /etc/mtab
files_manage_etc_symlinks(systemd_tmpfiles_t)