systemd: add extra systemd_generator_t rules
Fixes: avc: denied { setfscreate } for pid=41 comm="systemd-getty-g" scontext=system_u:system_r:systemd_generator_t tcontext=system_u:system_r:systemd_generator_t tclass=process permissive=1 avc: denied { dac_override } for pid=40 comm="systemd-fstab-g" capability=1 scontext=system_u:system_r:systemd_generator_t tcontext=system_u:system_r:systemd_generator_t tclass=capability permissive=1 Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
parent
f99b6907f4
commit
f71d288e54
|
@ -362,6 +362,8 @@ seutil_search_default_contexts(systemd_coredump_t)
|
||||||
#
|
#
|
||||||
|
|
||||||
allow systemd_generator_t self:fifo_file rw_fifo_file_perms;
|
allow systemd_generator_t self:fifo_file rw_fifo_file_perms;
|
||||||
|
allow systemd_generator_t self:capability dac_override;
|
||||||
|
allow systemd_generator_t self:process setfscreate;
|
||||||
|
|
||||||
corecmd_getattr_bin_files(systemd_generator_t)
|
corecmd_getattr_bin_files(systemd_generator_t)
|
||||||
|
|
||||||
|
|
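Review bot: The added `allow systemd_generator_t self:capability dac_override;` lets every generator running in systemd_generator_t bypass file read/write/execute permission checks, although the quoted denial comes only from systemd-fstab-generator and was logged with permissive=1. It is worth identifying which path triggered the check and whether the narrower `allow systemd_generator_t self:capability dac_read_search;` is sufficient, since the kernel may test dac_override even when only read/search access is needed. Neither new rule says why it is needed; a comment above them such as `# fstab-generator needs dac_override, getty-generator needs setfscreate (AVCs in commit log)` would keep the justification next to the grant. Because both AVCs were collected in permissive mode, the domain should be retested in enforcing mode to confirm these two rules are the complete and minimal set.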