Merge pull request #156 from fishilico/groupadd-dynamic-users
This commit is contained in:
Chris PeBenito
commit
0a8fd613de
|
|
@ -277,6 +277,10 @@ optional_policy(`
|
|||
rpm_rw_pipes(groupadd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
systemd_use_nss(groupadd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
unconfined_use_fds(groupadd_t)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/etc/\.updated -- gen_context(system_u:object_r:systemd_update_run_t,s0)
|
||||
|
||||
/etc/systemd/dont-synthesize-nobody -- gen_context(system_u:object_r:systemd_conf_t,s0)
|
||||
/etc/udev/hwdb\.bin -- gen_context(system_u:object_r:systemd_hwdb_t,s0)
|
||||
|
||||
/run/log/journal(/.*)? gen_context(system_u:object_r:systemd_journal_t,s0)
|
||||
|
|
|
|||
|
|
@ -79,6 +79,34 @@ interface(`systemd_log_parse_environment',`
|
|||
typeattribute $1 systemd_log_parse_env_type;
|
||||
')
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Allow domain to use systemd's Name Service Switch (NSS) module.
|
||||
## This module provides UNIX user and group name resolution for dynamic users
|
||||
## and groups allocated through the DynamicUser= option in systemd unit files
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`systemd_use_nss',`
|
||||
gen_require(`
|
||||
type systemd_conf_t;
|
||||
')
|
||||
|
||||
# Get attributes of /etc/systemd/dont-synthesize-nobody
|
||||
files_search_etc($1)
|
||||
allow $1 systemd_conf_t:file getattr;
|
||||
|
||||
optional_policy(`
|
||||
dbus_system_bus_client($1)
|
||||
# For GetDynamicUser(), LookupDynamicUserByName()... of org.freedesktop.systemd1.Manager
|
||||
init_dbus_chat($1)
|
||||
')
|
||||
')
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Allow domain to be used as a systemd service with a unit
|
||||
|
|
|
|||
|
|
@ -49,6 +49,9 @@ init_system_domain(systemd_binfmt_t, systemd_binfmt_exec_t)
|
|||
type systemd_binfmt_unit_t;
|
||||
init_unit_file(systemd_binfmt_unit_t)
|
||||
|
||||
type systemd_conf_t;
|
||||
files_config_file(systemd_conf_t)
|
||||
|
||||
type systemd_gpt_generator_t;
|
||||
type systemd_gpt_generator_exec_t;
|
||||
init_system_domain(systemd_gpt_generator_t, systemd_gpt_generator_exec_t)
|
||||
|
|
|
|||
Loading…
Reference in New Issue