RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

systemd: allow systemd-userdbd to getcap 

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2023-03-06 11:22:38 -05:00
parent 5ad60847c6
commit d1593345df
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/systemd.te
View File

@ -1878,7 +1878,7 @@ seutil_libselinux_linked(systemd_user_session_type)
#
allow systemd_userdbd_t self:capability { dac_read_search sys_resource };
allow systemd_userdbd_t self:process signal;
allow systemd_userdbd_t self:process { getcap signal };
allow systemd_userdbd_t self:unix_stream_socket create_stream_socket_perms;
stream_connect_pattern(systemd_userdbd_t, systemd_homed_runtime_t, systemd_homed_runtime_t, systemd_homed_t)