diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 495e9e081..63a43e4fb 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1043,6 +1043,29 @@ optional_policy(`
 ')
+#########################################
+#
+# systemd-pstore local policy
+#
+
+dontaudit systemd_pstore_t self:capability net_admin;
+
+manage_files_pattern(systemd_pstore_t, systemd_pstore_var_lib_t, systemd_pstore_var_lib_t)
+
+files_read_etc_files(systemd_pstore_t)
+files_search_var_lib(systemd_pstore_t)
+
+fs_list_pstore_dirs(systemd_pstore_t)
+fs_read_pstore_files(systemd_pstore_t)
+fs_delete_pstore_files(systemd_pstore_t)
+
+init_search_run(systemd_pstore_t)
+init_list_var_lib_dirs(systemd_pstore_t)
+
+kernel_read_system_state(systemd_pstore_t)
+
+logging_send_syslog_msg(systemd_pstore_t)
+
 #######################################
 #
 # Rfkill local policy
@@ -1425,26 +1448,3 @@ userdom_mounton_user_runtime_dirs(systemd_user_runtime_dir_t)
 userdom_relabelto_user_runtime_dirs(systemd_user_runtime_dir_t)
 dbus_system_bus_client(systemd_user_runtime_dir_t)
-
-#########################################
-#
-# systemd-pstore local policy
-#
-
-dontaudit systemd_pstore_t self:capability net_admin;
-
-manage_files_pattern(systemd_pstore_t, systemd_pstore_var_lib_t, systemd_pstore_var_lib_t)
-
-files_read_etc_files(systemd_pstore_t)
-files_search_var_lib(systemd_pstore_t)
-
-fs_list_pstore_dirs(systemd_pstore_t)
-fs_read_pstore_files(systemd_pstore_t)
-fs_delete_pstore_files(systemd_pstore_t)
-
-init_search_run(systemd_pstore_t)
-init_list_var_lib_dirs(systemd_pstore_t)
-
-kernel_read_system_state(systemd_pstore_t)
-
-logging_send_syslog_msg(systemd_pstore_t)
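Review bot: The relocated `dontaudit systemd_pstore_t self:capability net_admin;` rule in the first hunk has no comment saying why the denial is expected, and because dontaudit suppresses the AVC record, a later reader cannot tell from the policy whether it hides a benign probe or a real failure. Since the block is being moved anyway, a one-line comment above the rule would help, for example `# net_admin is checked but not required by systemd-pstore (presumably socket buffer sizing while logging; confirm)`. The rest of the added block appears to be a verbatim copy of the lines removed in the second hunk, and the declarations of systemd_pstore_t and systemd_pstore_var_lib_t are outside both hunks.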