From ca0bcb0b5111a3d4526b11ef0c31b81a8aec0130 Mon Sep 17 00:00:00 2001
From: bauen1
Date: Sat, 4 Apr 2020 10:34:00 +0200
Subject: [PATCH] systemd-user-runtime-dir: add required permissions

systemd-user-runtime-dir reads /proc/sys/kernel/osrelease and the selinux config
---
 policy/modules/system/systemd.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 7c7ae5a74..fe1467ff6 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1363,13 +1363,15 @@ fs_list_tmpfs(systemd_user_runtime_dir_t)
 fs_unmount_tmpfs(systemd_user_runtime_dir_t)
 fs_relabelfrom_tmpfs_dirs(systemd_user_runtime_dir_t)
+kernel_read_kernel_sysctls(systemd_user_runtime_dir_t)
+
 selinux_get_enforce_mode(systemd_user_runtime_dir_t)
-selinux_getattr_fs(systemd_user_runtime_dir_t)
 systemd_log_parse_environment(systemd_user_runtime_dir_t)
 systemd_dbus_chat_logind(systemd_user_runtime_dir_t)
 seutil_read_file_contexts(systemd_user_runtime_dir_t)
+seutil_libselinux_linked(systemd_user_runtime_dir_t)
 userdom_search_user_runtime_root(systemd_user_runtime_dir_t)
 userdom_user_runtime_root_filetrans_user_runtime(systemd_user_runtime_dir_t, dir)
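Review bot: The removal of `selinux_getattr_fs(systemd_user_runtime_dir_t)` is not explained in the commit message, which accounts only for the two added grants; presumably `seutil_libselinux_linked` already covers the selinuxfs getattr, but its definition is outside this diff, so that should be confirmed and stated. The new `kernel_read_kernel_sysctls` line would benefit from a comment recording why it is needed, for example `# systemd-user-runtime-dir reads /proc/sys/kernel/osrelease`, since the interface allows reading the kernel sysctl type as a whole rather than that one file. Likewise `seutil_libselinux_linked` is a bundle interface, so it is worth checking against the logged AVC denials that the domain needs everything it grants and not only read access to the SELinux config. The rules for this domain begin before the hunk and continue after it.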