systemd: Unit generator fixes.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2021-09-01 19:47:07 +00:00 · 2021-09-01 19:47:07 +00:00 · 6ce1e64c49
parent 96ea14ed59
commit 6ce1e64c49
2 changed files with 24 additions and 1 deletions
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@ -486,6 +486,26 @@ interface(`miscfiles_read_hwdata',`
 	read_lnk_files_pattern($1, hwdata_t, hwdata_t)
 ')

+########################################
+## <summary>
+##	Allow process to get the attributes of localization info
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`miscfiles_getattr_localization',`
+	gen_require(`
+		type locale_t;
+	')
+
+	files_search_usr($1)
+	allow $1 locale_t:dir list_dir_perms;
+	allow $1 locale_t:file getattr;
+')
+
 ########################################
 ## <summary>
 ##	Allow process to setattr localization info
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@ -438,11 +438,12 @@ allow systemd_generator_t self:capability dac_override;
 allow systemd_generator_t self:process setfscreate;

 corecmd_exec_shell(systemd_generator_t)
-corecmd_getattr_bin_files(systemd_generator_t)
+corecmd_exec_bin(systemd_generator_t)

 dev_read_sysfs(systemd_generator_t)
 dev_write_kmsg(systemd_generator_t)
 dev_write_sysfs_dirs(systemd_generator_t)
+dev_read_urand(systemd_generator_t)

 files_read_etc_files(systemd_generator_t)
 files_search_runtime(systemd_generator_t)
@ -479,6 +480,8 @@ systemd_log_parse_environment(systemd_generator_t)

 term_use_unallocated_ttys(systemd_generator_t)

+udev_search_runtime(systemd_generator_t)
+
 ifdef(`distro_gentoo',`
 	corecmd_shell_entry_type(systemd_generator_t)
 ')