From 47c495d6f1bf142bb34ce76dc4a79959a03cfe0a Mon Sep 17 00:00:00 2001 From: Daniel Burgener Date: Wed, 11 Nov 2020 21:14:43 +0000 Subject: [PATCH] Allow init to mount over the system bus In portable profiles, systemd bind mounts the system bus into process namespaces Signed-off-by: Daniel Burgener --- policy/modules/services/dbus.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te index 3c45aa123..b2c82ad25 100644 --- a/policy/modules/services/dbus.te +++ b/policy/modules/services/dbus.te @@ -50,6 +50,7 @@ init_named_socket_activation(system_dbusd_t, system_dbusd_runtime_t) type system_dbusd_runtime_t alias system_dbusd_var_run_t; files_runtime_file(system_dbusd_runtime_t) init_daemon_runtime_file(system_dbusd_runtime_t, dir, "dbus") +init_mountpoint(system_dbusd_runtime_t) type system_dbusd_tmp_t; files_tmp_file(system_dbusd_tmp_t)