RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

allow normal users to use 'systemd-run' 

It can also be used to create temporary units under `systemd --user`.

Signed-off-by: bauen1 <j2468h@gmail.com>
This commit is contained in:
bauen1 2020-04-21 19:44:08 +02:00
parent 466b59f447
commit 09c311f57f
No known key found for this signature in database
GPG Key ID: FF0AAF5E0812BA9C
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/system/systemd.if
View File

@ -24,6 +24,7 @@ template(`systemd_role_template',`
gen_require(` gen_require(`
attribute systemd_user_session_type, systemd_log_parse_env_type; attribute systemd_user_session_type, systemd_log_parse_env_type;
type systemd_user_runtime_t, systemd_user_runtime_notify_t; type systemd_user_runtime_t, systemd_user_runtime_notify_t;
type systemd_run_exec_t;
') ')
################################# #################################
@ -58,6 +59,8 @@ template(`systemd_role_template',`
# Allow using file descriptors for user environment generators # Allow using file descriptors for user environment generators
allow $3 $1_systemd_t:fd use; allow $3 $1_systemd_t:fd use;
can_exec($3, systemd_run_exec_t)
') ')
###################################### ######################################