usermanage: Move kernel_dgram_send(passwd_t) to systemd block.

2019-03-11 20:56:46 -04:00 · 2019-03-11 20:56:46 -04:00 · 5260679657
parent 1cc0045642
commit 5260679657
1 changed files with 5 additions and 1 deletions
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@ -304,7 +304,6 @@ allow passwd_t self:msg { send receive };
 allow passwd_t crack_db_t:dir list_dir_perms;
 read_files_pattern(passwd_t, crack_db_t, crack_db_t)

-kernel_dgram_send(passwd_t)
 kernel_read_crypto_sysctls(passwd_t)
 kernel_read_kernel_sysctls(passwd_t)

@ -367,6 +366,11 @@ userdom_read_user_tmp_files(passwd_t)
 # on user home dir
 userdom_dontaudit_search_user_home_content(passwd_t)

+ifdef(`init_systemd',`
+	# for journald /dev/log
+	kernel_dgram_send(passwd_t)
+')
+
 optional_policy(`
 	nscd_run(passwd_t, passwd_roles)
 ')