nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

dbus: allow the system bus to get the status of generic units

Browse Source 
dbus-broker checks the status of systemd-logind.

type=USER_AVC msg=audit(1705109503.237:123): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=n/a uid=0 gid=101 path="/usr/lib /systemd/system/systemd-logind.service" cmdline="/usr/bin/dbus-broker-launch --scope system --audit" function="reply_unit_path" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:systemd_unit_t:s0 tclass=service permissive=1 exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
This commit is contained in:
Kenton Groombridge 2024-01-12 20:48:16 -05:00 committed by 0xC0ncord
parent 6d5271cb18
commit 22b65cba5e
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/services/dbus.te
View File

@ -208,6 +208,9 @@ ifdef(`init_systemd', `
init_start_system(system_dbusd_t) # needed by dbus-broker
# dbus-broker checks the status of systemd-logind
init_get_generic_units_status(system_dbusd_t)
# for system dbus daemon to start/stop units
init_start_all_units(system_dbusd_t)
init_stop_all_units(system_dbusd_t)