Merge pull request #98 from fishilico/ulogd-dynamic-user

2019-09-11 06:22:44 -04:00 · 2019-09-11 06:22:44 -04:00 · cfdf3b7981
parent f500ff48d2 f5a4ce1d35
commit cfdf3b7981
1 changed files with 12 additions and 0 deletions
--- a/policy/modules/services/ulogd.te
+++ b/policy/modules/services/ulogd.te
@ -36,6 +36,7 @@ logging_log_file(ulogd_var_log_t)
 # a rule allowing dac_read_search if you encounter this, but fix your system.
 allow ulogd_t self:capability { net_admin setgid setuid sys_nice };
 allow ulogd_t self:process setsched;
+allow ulogd_t self:fifo_file rw_fifo_file_perms;
 allow ulogd_t self:netlink_netfilter_socket create_socket_perms;
 allow ulogd_t self:netlink_nflog_socket create_socket_perms;
 allow ulogd_t self:netlink_socket create_socket_perms;
@ -65,6 +66,17 @@ miscfiles_read_localization(ulogd_t)

 sysnet_dns_name_resolve(ulogd_t)

+ifdef(`init_systemd', `
+	# For /run/systemd/dynamic-uid/
+	init_list_pids(ulogd_t)
+
+	optional_policy(`
+		dbus_system_bus_client(ulogd_t)
+		# For GetDynamicUser() of org.freedesktop.systemd1.Manager
+		init_dbus_chat(ulogd_t)
+	')
+')
+
 optional_policy(`
 	mysql_stream_connect(ulogd_t)
 	mysql_tcp_connect(ulogd_t)