RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

systemd: Misc updates. 

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
This commit is contained in:
Chris PeBenito 2022-03-09 20:49:54 +00:00 committed by Chris PeBenito
parent 16badfa641
commit d767ebfef0
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/init.te
View File

@ -1050,7 +1050,7 @@ ifdef(`enable_mls',`
')
ifdef(`init_systemd',`
allow initrc_t init_t:system { start status reboot halt reload };
allow initrc_t init_t:system { start stop status reboot halt reload };
manage_files_pattern(initrc_t, initrc_lock_t, initrc_lock_t)
files_lock_filetrans(initrc_t, initrc_lock_t, file)

11
policy/modules/system/systemd.te
View File

@ -514,6 +514,7 @@ kernel_dontaudit_getattr_proc(systemd_generator_t)
kernel_dontaudit_search_unlabeled(systemd_generator_t)
storage_raw_read_fixed_disk(systemd_generator_t)
storage_raw_read_removable_device(systemd_generator_t)
systemd_log_parse_environment(systemd_generator_t)
@ -661,6 +662,7 @@ udev_read_runtime_files(systemd_homework_t)
#
allow systemd_hostnamed_t self:capability sys_admin;
allow systemd_hostnamed_t self:process setfscreate;
fs_getattr_cgroup(systemd_hostnamed_t)
fs_getattr_xattr_fs(systemd_hostnamed_t)
@ -672,6 +674,8 @@ dev_read_sysfs(systemd_hostnamed_t)
files_read_etc_files(systemd_hostnamed_t)
fs_getattr_all_fs(systemd_hostnamed_t)
selinux_use_status_page(systemd_hostnamed_t)
seutil_read_file_contexts(systemd_hostnamed_t)
@ -1391,8 +1395,8 @@ systemd_log_parse_environment(systemd_rfkill_t)
allow systemd_resolved_t self:capability { chown net_raw setgid setpcap setuid };
allow systemd_resolved_t self:process { getcap setcap setfscreate signal };
allow systemd_resolved_t self:tcp_socket { accept listen };
allow systemd_resolved_t self:unix_stream_socket create_stream_socket_perms;
allow systemd_resolved_t self:tcp_socket create_stream_socket_perms;
allow systemd_resolved_t systemd_networkd_runtime_t:dir watch;
@ -1528,7 +1532,7 @@ allow systemd_sysusers_t self:unix_dgram_socket sendto;
files_manage_etc_files(systemd_sysusers_t)
fs_getattr_all_fs(systemd_sysusers_t)
fs_search_cgroup_dirs(systemd_sysusers_t)
fs_search_all(systemd_sysusers_t)
kernel_read_kernel_sysctls(systemd_sysusers_t)
@ -1797,6 +1801,7 @@ seutil_libselinux_linked(systemd_user_session_type)
allow systemd_userdbd_t self:capability dac_read_search;
allow systemd_userdbd_t self:process signal;
allow systemd_userdbd_t self:unix_stream_socket create_stream_socket_perms;
stream_connect_pattern(systemd_userdbd_t, systemd_homed_runtime_t, systemd_homed_runtime_t, systemd_homed_t)