RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #217 from bauen1/init-confined-keyring

This commit is contained in:
Chris PeBenito 2020-04-14 14:08:18 -04:00
parent 504f931980 f6ca80e336
commit 782cd81a4b
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/init.te
View File

@ -239,6 +239,7 @@ ifdef(`init_systemd',`
allow init_t self:netlink_route_socket create_netlink_socket_perms; allow init_t self:netlink_route_socket create_netlink_socket_perms;
allow init_t initrc_t:unix_dgram_socket create_socket_perms; allow init_t initrc_t:unix_dgram_socket create_socket_perms;
allow init_t self:capability2 audit_read; allow init_t self:capability2 audit_read;
allow init_t self:key { search setattr write };
allow init_t self:bpf { map_create map_read map_write prog_load prog_run }; allow init_t self:bpf { map_create map_read map_write prog_load prog_run };
allow init_t init_mountpoint_type:dir_file_class_set { getattr mounton }; allow init_t init_mountpoint_type:dir_file_class_set { getattr mounton };
@ -300,6 +301,7 @@ ifdef(`init_systemd',`
kernel_unmount_debugfs(init_t) kernel_unmount_debugfs(init_t)
kernel_search_key(init_t) kernel_search_key(init_t)
kernel_setsched(init_t) kernel_setsched(init_t)
kernel_link_key(init_t)
kernel_rw_unix_sysctls(init_t) kernel_rw_unix_sysctls(init_t)
# run systemd misc initializations # run systemd misc initializations