RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

systemd: set context to systemd_networkd_var_lib_t for /var/lib/systemd/network 

Fixes:
avc:  denied  { read } for  pid=344 comm="systemd-network"
path="/var/lib/systemd/network" dev="vda" ino=30708
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:init_var_lib_t tclass=dir permissive=1

avc:  denied  { write } for  pid=344 comm="systemd-network"
name="network" dev="vda" ino=30708
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:init_var_lib_t tclass=dir permissive=1

avc:  denied  { getattr } for  pid=344 comm="systemd-network"
path="/var/lib/systemd/network" dev="vda" ino=30708
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:init_var_lib_t tclass=dir permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This commit is contained in:
Yi Zhao 2024-08-11 20:00:44 +08:00
parent faa409e9f4
commit 29d0bb8c33
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/system/systemd.fc
View File

@ -87,6 +87,7 @@ HOME_DIR/\.local/share/systemd(/.*)? gen_context(system_u:object_r:systemd_data
/var/lib/systemd/coredump(/.*)? gen_context(system_u:object_r:systemd_coredump_var_lib_t,s0)
/var/lib/systemd/home(/.*)? gen_context(system_u:object_r:systemd_homed_var_lib_t,s0)
/var/lib/systemd/linger(/.*)? gen_context(system_u:object_r:systemd_logind_var_lib_t,s0)
/var/lib/systemd/network(/.*)? gen_context(system_u:object_r:systemd_networkd_var_lib_t,s0)
/var/lib/systemd/pstore(/.*)? gen_context(system_u:object_r:systemd_pstore_var_lib_t,s0)
/var/lib/systemd/rfkill(/.*)? gen_context(system_u:object_r:systemd_rfkill_var_lib_t,s0)

7
policy/modules/system/systemd.te
View File

@ -212,6 +212,9 @@ init_mountpoint(systemd_networkd_runtime_t)
type systemd_networkd_unit_t;
init_unit_file(systemd_networkd_unit_t)
type systemd_networkd_var_lib_t;
files_type(systemd_networkd_var_lib_t)
type systemd_notify_t;
type systemd_notify_exec_t;
init_daemon_domain(systemd_notify_t, systemd_notify_exec_t)
@ -1241,6 +1244,10 @@ manage_dirs_pattern(systemd_networkd_t, systemd_networkd_runtime_t, systemd_netw
manage_files_pattern(systemd_networkd_t, systemd_networkd_runtime_t, systemd_networkd_runtime_t)
manage_lnk_files_pattern(systemd_networkd_t, systemd_networkd_runtime_t, systemd_networkd_runtime_t)
init_var_lib_filetrans(systemd_networkd_t, systemd_networkd_var_lib_t, dir)
manage_dirs_pattern(systemd_networkd_t, systemd_networkd_var_lib_t, systemd_networkd_var_lib_t)
manage_files_pattern(systemd_networkd_t, systemd_networkd_var_lib_t, systemd_networkd_var_lib_t)
kernel_read_system_state(systemd_networkd_t)
kernel_read_kernel_sysctls(systemd_networkd_t)
kernel_read_network_state(systemd_networkd_t)