systemd-user-runtime-dir: add policy
This commit is contained in:
parent
0d4e919176
commit
16f030a488
|
@ -35,6 +35,7 @@
|
|||
/usr/lib/systemd/systemd-resolved -- gen_context(system_u:object_r:systemd_resolved_exec_t,s0)
|
||||
/usr/lib/systemd/systemd-rfkill -- gen_context(system_u:object_r:systemd_rfkill_exec_t,s0)
|
||||
/usr/lib/systemd/systemd-update-done -- gen_context(system_u:object_r:systemd_update_done_exec_t,s0)
|
||||
/usr/lib/systemd/systemd-user-runtime-dir -- gen_context(system_u:object_r:systemd_user_runtime_dir_exec_t,s0)
|
||||
/usr/lib/systemd/systemd-user-sessions -- gen_context(system_u:object_r:systemd_sessions_exec_t,s0)
|
||||
|
||||
# Systemd unit files
|
||||
|
|
|
@ -226,6 +226,10 @@ userdom_user_runtime_content(systemd_user_runtime_notify_t)
|
|||
type systemd_user_runtime_t;
|
||||
userdom_user_runtime_content(systemd_user_runtime_t)
|
||||
|
||||
type systemd_user_runtime_dir_t;
|
||||
type systemd_user_runtime_dir_exec_t;
|
||||
init_system_domain(systemd_user_runtime_dir_t, systemd_user_runtime_dir_exec_t)
|
||||
|
||||
#
|
||||
# Unit file types
|
||||
#
|
||||
|
@ -1279,3 +1283,37 @@ storage_getattr_fixed_disk_dev(systemd_user_session_type)
|
|||
# for systemd to read udev status
|
||||
udev_read_pid_files(systemd_user_session_type)
|
||||
udev_list_pids(systemd_user_session_type)
|
||||
|
||||
#########################################
|
||||
#
|
||||
# systemd-user-runtime-dir local policy
|
||||
#
|
||||
|
||||
allow systemd_user_runtime_dir_t self:capability { fowner chown sys_admin dac_read_search };
|
||||
allow systemd_user_runtime_dir_t self:process setfscreate;
|
||||
|
||||
domain_obj_id_change_exemption(systemd_user_runtime_dir_t)
|
||||
|
||||
files_read_etc_files(systemd_user_runtime_dir_t)
|
||||
|
||||
fs_mount_tmpfs(systemd_user_runtime_dir_t)
|
||||
fs_getattr_tmpfs(systemd_user_runtime_dir_t)
|
||||
fs_list_tmpfs(systemd_user_runtime_dir_t)
|
||||
fs_unmount_tmpfs(systemd_user_runtime_dir_t)
|
||||
fs_relabelfrom_tmpfs_dirs(systemd_user_runtime_dir_t)
|
||||
|
||||
selinux_get_enforce_mode(systemd_user_runtime_dir_t)
|
||||
selinux_getattr_fs(systemd_user_runtime_dir_t)
|
||||
|
||||
systemd_log_parse_environment(systemd_user_runtime_dir_t)
|
||||
systemd_dbus_chat_logind(systemd_user_runtime_dir_t)
|
||||
|
||||
seutil_read_file_contexts(systemd_user_runtime_dir_t)
|
||||
|
||||
userdom_search_user_runtime_root(systemd_user_runtime_dir_t)
|
||||
userdom_user_runtime_root_filetrans_user_runtime(systemd_user_runtime_dir_t, dir)
|
||||
userdom_manage_user_runtime_dirs(systemd_user_runtime_dir_t)
|
||||
userdom_mounton_user_runtime_dirs(systemd_user_runtime_dir_t)
|
||||
userdom_relabelto_user_runtime_dirs(systemd_user_runtime_dir_t)
|
||||
|
||||
dbus_system_bus_client(systemd_user_runtime_dir_t)
|
||||
|
|
Loading…
Reference in New Issue