init: Add NoNewPerms support for systemd.

2025-03-29 14:56:29 +00:00 · 2017-08-05 12:22:05 -04:00 · 2017-08-05 12:22:05 -04:00 · acac1fcf4e
commit acac1fcf4e
parent c51b772d2f
2 changed files with 3 additions and 1 deletions
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@ -131,6 +131,8 @@ interface(`init_domain',`

 	ifdef(`init_systemd',`
 		allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+
+		allow init_t $1:process2 { nnp_transition nosuid_transition };
 	')
 ')

--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@ -1,4 +1,4 @@
-policy_module(init, 2.2.24)
+policy_module(init, 2.2.25)

 gen_require(`
 	class passwd rootok;