systemd-sysusers: add policy
On systems without the unconfined module, this service needs additional privileges. Signed-off-by: bauen1 <j2468h@gmail.com>
This commit is contained in:
parent
e01cd6c98b
commit
8f782ae820
|
@ -13,6 +13,7 @@
|
|||
/usr/bin/systemd-nspawn -- gen_context(system_u:object_r:systemd_nspawn_exec_t,s0)
|
||||
/usr/bin/systemd-run -- gen_context(system_u:object_r:systemd_run_exec_t,s0)
|
||||
/usr/bin/systemd-stdio-bridge -- gen_context(system_u:object_r:systemd_stdio_bridge_exec_t,s0)
|
||||
/usr/bin/systemd-sysusers -- gen_context(system_u:object_r:systemd_sysusers_exec_t,s0)
|
||||
/usr/bin/systemd-tmpfiles -- gen_context(system_u:object_r:systemd_tmpfiles_exec_t,s0)
|
||||
/usr/bin/systemd-tty-ask-password-agent -- gen_context(system_u:object_r:systemd_passwd_agent_exec_t,s0)
|
||||
/usr/bin/systemd-notify -- gen_context(system_u:object_r:systemd_notify_exec_t,s0)
|
||||
|
|
|
@ -223,6 +223,10 @@ type systemd_sessions_runtime_t alias systemd_sessions_var_run_t;
|
|||
files_pid_file(systemd_sessions_runtime_t)
|
||||
init_daemon_pid_file(systemd_sessions_runtime_t, dir, "systemd_sessions")
|
||||
|
||||
type systemd_sysusers_t;
|
||||
type systemd_sysusers_exec_t;
|
||||
init_system_domain(systemd_sysusers_t, systemd_sysusers_exec_t)
|
||||
|
||||
type systemd_tmpfiles_t;
|
||||
type systemd_tmpfiles_exec_t;
|
||||
init_daemon_domain(systemd_tmpfiles_t, systemd_tmpfiles_exec_t)
|
||||
|
@ -1158,6 +1162,29 @@ seutil_read_file_contexts(systemd_sessions_t)
|
|||
|
||||
systemd_log_parse_environment(systemd_sessions_t)
|
||||
|
||||
|
||||
#########################################
|
||||
#
|
||||
# Sysusers local policy
|
||||
#
|
||||
|
||||
allow systemd_sysusers_t self:capability { chown fsetid };
|
||||
allow systemd_sysusers_t self:process setfscreate;
|
||||
allow systemd_sysusers_t self:unix_dgram_socket sendto;
|
||||
|
||||
files_manage_etc_files(systemd_sysusers_t)
|
||||
|
||||
kernel_read_kernel_sysctls(systemd_sysusers_t)
|
||||
|
||||
auth_manage_shadow(systemd_sysusers_t)
|
||||
auth_etc_filetrans_shadow(systemd_sysusers_t)
|
||||
auth_use_nsswitch(systemd_sysusers_t)
|
||||
|
||||
seutil_libselinux_linked(systemd_sysusers_t)
|
||||
seutil_read_file_contexts(systemd_sysusers_t)
|
||||
|
||||
systemd_log_parse_environment(systemd_sysusers_t)
|
||||
|
||||
#########################################
|
||||
#
|
||||
# Tmpfiles local policy
|
||||
|
|
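Review bot: `files_manage_etc_files(systemd_sysusers_t)` at the start of the sysusers block grants create, write, rename and unlink on every etc_t file, which is far broader than the passwd and group files this domain rewrites; refpolicy has no narrower interface for those two files, so the breadth is defensible, but it should be justified in place, e.g. `# passwd/group are etc_t and are replaced via a temp file + rename in /etc, hence manage rather than rw`. The `self:process setfscreate` rule and `seutil_read_file_contexts` are presumably paired so the replacement files are created with the label from file_contexts rather than a default, and a one-line comment tying the two together would save the next reader the lookup. The `chown fsetid` capability pair and the `self:unix_dgram_socket sendto` rule likewise carry no rationale; if they were added from audit denials, naming the operation each one serves in a comment would let later tightening be checked against intent instead of guessed at.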