init: allow systemd to rw shadow lock files

This is in support of dynamic users.

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2021-04-09 10:56:49 -04:00
parent 26e9ec7c43
commit c0b1c7be66
1 changed files with 2 additions and 0 deletions

View File

@ -476,6 +476,8 @@ ifdef(`init_systemd',`
auth_relabel_login_records(init_t) auth_relabel_login_records(init_t)
auth_relabel_pam_console_data_dirs(init_t) auth_relabel_pam_console_data_dirs(init_t)
auth_domtrans_chk_passwd(init_t) auth_domtrans_chk_passwd(init_t)
# for systemd dynamic users
auth_rw_shadow_lock(init_t)
logging_manage_runtime_sockets(init_t) logging_manage_runtime_sockets(init_t)
logging_relabelto_devlog_sock_files(init_t) logging_relabelto_devlog_sock_files(init_t)