From 2a261f916694fc13689d804ca63d14df2f3cb2aa Mon Sep 17 00:00:00 2001
From: Matt Sheets
Date: Fri, 26 Apr 2024 17:09:53 -0700
Subject: [PATCH] Allow systemd to pass down sig mask
IgnoreSIGPIPE is a feature that requires systemd to passdown the signal mask down to the fork process. To allow this the siginh permission must be allowed for all process domains that can be forked by systemd.
Signed-off-by: Matt Sheets
---
 policy/modules/system/init.if | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 27f82cfaf..4891301ad 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -189,6 +189,7 @@ interface(`init_domain',`
 allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+ allow init_t $1:process siginh;
 allow init_t $1:process2 { nnp_transition nosuid_transition };
 # StandardInputText uses a memfd rw shm segment.
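Review bot: The added `allow init_t $1:process siginh;` carries no comment, while the StandardInputText rule just below it explains itself, and the grant reaches every domain passed to `init_domain`, not only services that set IgnoreSIGPIPE. With siginh allowed, SELinux no longer resets inherited signal state when init_t transitions into `$1`, so each such domain starts with whatever signal dispositions and blocked signals systemd had in place at exec time; that policy-wide relaxation is worth stating next to the rule. I would put `# IgnoreSIGPIPE=: systemd sets signal state before exec; siginh keeps it across the transition into $1.` directly above it. The interface body and any enclosing `ifdef` start and end outside the hunk, so whether the rule is limited to systemd builds cannot be confirmed from here.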