init: allow systemd to nnp_transition and nosuid_transition to daemon domains

Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-11-09 19:51:33 -05:00 · 2021-11-09 19:51:33 -05:00 · 30ea630d9d
parent a7de85503e
commit 30ea630d9d
1 changed files with 2 additions and 0 deletions
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@ -376,6 +376,8 @@ interface(`init_daemon_domain',`

 		allow $1 init_t:unix_dgram_socket sendto;

+		allow init_t $1:process2 { nnp_transition nosuid_transition };
+
 		optional_policy(`
 			systemd_stream_connect_socket_proxyd($1)
 		')