systemd: Move lines.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
parent
ab0367b4b6
commit
a673712d8a
|
@ -78,6 +78,7 @@ template(`systemd_role_template',`
|
|||
dbus_system_bus_client($1_systemd_t)
|
||||
|
||||
selinux_use_status_page($1_systemd_t)
|
||||
|
||||
seutil_read_file_contexts($1_systemd_t)
|
||||
seutil_search_default_contexts($1_systemd_t)
|
||||
')
|
||||
|
|
|
@ -151,13 +151,13 @@ type systemd_machined_t;
|
|||
type systemd_machined_exec_t;
|
||||
init_daemon_domain(systemd_machined_t, systemd_machined_exec_t)
|
||||
|
||||
type systemd_machined_devpts_t;
|
||||
term_login_pty(systemd_machined_devpts_t)
|
||||
|
||||
type systemd_machined_runtime_t alias systemd_machined_var_run_t;
|
||||
files_runtime_file(systemd_machined_runtime_t)
|
||||
init_daemon_runtime_file(systemd_machined_runtime_t, dir, "machines")
|
||||
|
||||
type systemd_machined_devpts_t;
|
||||
term_login_pty(systemd_machined_devpts_t)
|
||||
|
||||
type systemd_modules_load_t;
|
||||
type systemd_modules_load_exec_t;
|
||||
init_daemon_domain(systemd_modules_load_t, systemd_modules_load_exec_t)
|
||||
|
@ -562,9 +562,6 @@ allow systemd_logind_t self:fifo_file rw_fifo_file_perms;
|
|||
allow systemd_logind_t systemd_logind_var_lib_t:dir manage_dir_perms;
|
||||
init_var_lib_filetrans(systemd_logind_t, systemd_logind_var_lib_t, dir)
|
||||
|
||||
# for /run/systemd/userdb/io.systemd.Machine
|
||||
allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto;
|
||||
|
||||
manage_fifo_files_pattern(systemd_logind_t, systemd_logind_runtime_t, systemd_logind_runtime_t)
|
||||
manage_files_pattern(systemd_logind_t, systemd_logind_runtime_t, systemd_logind_runtime_t)
|
||||
allow systemd_logind_t systemd_logind_runtime_t:dir manage_dir_perms;
|
||||
|
@ -574,6 +571,9 @@ manage_files_pattern(systemd_logind_t, systemd_logind_inhibit_runtime_t, systemd
|
|||
manage_fifo_files_pattern(systemd_logind_t, systemd_logind_inhibit_runtime_t, systemd_logind_inhibit_runtime_t)
|
||||
init_runtime_filetrans(systemd_logind_t, systemd_logind_inhibit_runtime_t, dir, "inhibit")
|
||||
|
||||
# for /run/systemd/userdb/io.systemd.Machine
|
||||
allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto;
|
||||
|
||||
allow systemd_logind_t systemd_sessions_runtime_t:dir manage_dir_perms;
|
||||
allow systemd_logind_t systemd_sessions_runtime_t:file manage_file_perms;
|
||||
allow systemd_logind_t systemd_sessions_runtime_t:fifo_file manage_fifo_file_perms;
|
||||
|
@ -730,6 +730,9 @@ allow systemd_machined_t self:capability { setgid sys_chroot sys_ptrace };
|
|||
allow systemd_machined_t self:process setfscreate;
|
||||
allow systemd_machined_t self:unix_dgram_socket { connected_socket_perms connect };
|
||||
|
||||
term_create_pty(systemd_machined_t, systemd_machined_devpts_t)
|
||||
allow systemd_machined_t systemd_machined_devpts_t:chr_file manage_file_perms;
|
||||
|
||||
manage_files_pattern(systemd_machined_t, systemd_machined_runtime_t, systemd_machined_runtime_t)
|
||||
allow systemd_machined_t systemd_machined_runtime_t:lnk_file manage_lnk_file_perms;
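Review bot: The relocated rule `allow systemd_machined_t systemd_machined_devpts_t:chr_file manage_file_perms;` applies the regular-file permission set to the `chr_file` class, which grants create, rename, link and unlink on the pty nodes. That is likely broader than a domain needs once `term_create_pty` has set up the type transition for its ptys. Since the line is being moved anyway, consider narrowing it to `allow systemd_machined_t systemd_machined_devpts_t:chr_file { rw_chr_file_perms setattr };` after checking audit logs for denials, or at least switch to `manage_chr_file_perms` so the set matches the class. The systemd_machined_t local-policy block starts and ends outside this hunk, so other grants on this type are not visible here.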
|
||||
|
||||
|
@ -761,8 +764,6 @@ logging_send_syslog_msg(systemd_machined_t)
|
|||
|
||||
seutil_search_default_contexts(systemd_machined_t)
|
||||
|
||||
term_create_pty(systemd_machined_t, systemd_machined_devpts_t)
|
||||
allow systemd_machined_t systemd_machined_devpts_t:chr_file manage_file_perms;
|
||||
term_getattr_pty_fs(systemd_machined_t)
|
||||
|
||||
optional_policy(`
|
||||
|
|