From 7aafe9d8b7fb043f7324225f9c99a697843dabd6 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 7 Feb 2017 19:03:59 -0500
Subject: [PATCH] Systemd tmpfiles fix for kmod.conf from Russell Coker.
---
 policy/modules/system/modutils.if | 18 ++++++++++++++++++
 policy/modules/system/modutils.te | 2 +-
 policy/modules/system/systemd.te | 5 ++++-
 3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
index ae0825192..880730c96 100644
--- a/policy/modules/system/modutils.if
+++ b/policy/modules/system/modutils.if
@@ -333,3 +333,21 @@ interface(`modutils_exec_update_mods',`
 corecmd_search_bin($1)
 can_exec($1, update_modules_exec_t)
 ')
+
+########################################
+##
+## Read kmod lib files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`modutils_read_var_run_files',`
+ gen_require(`
+ type kmod_var_run_t;
+ ')
+
+ allow $1 kmod_var_run_t:file read_file_perms;
+')
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 5e1337f08..f9c396002 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -1,4 +1,4 @@
-policy_module(modutils, 1.17.1)
+policy_module(modutils, 1.17.2)
 ########################################
 #
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 48e9ee183..d16a3804a 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1,4 +1,4 @@
-policy_module(systemd, 1.3.1)
+policy_module(systemd, 1.3.2)
 #########################################
 #
@@ -355,6 +355,9 @@ auth_manage_login_records(systemd_tmpfiles_t)
 auth_relabel_login_records(systemd_tmpfiles_t)
 auth_setattr_login_records(systemd_tmpfiles_t)
+# for /run/tmpfiles.d/kmod.conf
+modutils_read_var_run_files(systemd_tmpfiles_t)
+
 seutil_read_file_contexts(systemd_tmpfiles_t)
 systemd_log_parse_environment(systemd_tmpfiles_t)
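Review bot: The summary of the new `modutils_read_var_run_files` interface says "Read kmod lib files.", but the rule it emits is `allow $1 kmod_var_run_t:file read_file_perms;`, which is read access to kmod's runtime files, not its lib files. Policy auditors rely on these summaries to see what a domain is granted, so it should read along the lines of `## Read kmod runtime (var_run) files.` The interface also grants no search permission on the containing directory. That keeps the grant minimal, but a later caller would need its own directory access, which is worth stating in the description (or adding `files_search_pids($1)` if that is the convention this module follows).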
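Review bot: In the second systemd.te hunk, the comment `# for /run/tmpfiles.d/kmod.conf` names a single path, while `modutils_read_var_run_files(systemd_tmpfiles_t)` grants read on every file labelled kmod_var_run_t. The file contexts for that type are not part of this diff, so whether anything other than kmod.conf carries the label cannot be confirmed from here. I would extend the comment to name the type, e.g. `# read /run/tmpfiles.d/kmod.conf (all files labelled kmod_var_run_t)`, so the real scope of the grant is visible where it is made.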