systemd: add policy for systemd-fstab-generator

policy/modules/system/systemd.fc

@@ -18,6 +18,7 @@
 /usr/bin/systemd-notify			--	gen_context(system_u:object_r:systemd_notify_exec_t,s0)
 
 # Systemd generators
+/usr/lib/systemd/system-generators/systemd-fstab-generator	    --	    gen_context(system_u:object_r:systemd_fstab_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-gpt-auto-generator	    --	    gen_context(system_u:object_r:systemd_gpt_generator_exec_t,s0)
 
 /usr/lib/systemd/systemd-activate	--	gen_context(system_u:object_r:systemd_activate_exec_t,s0)

policy/modules/system/systemd.te

@@ -52,6 +52,10 @@ init_unit_file(systemd_binfmt_unit_t)
 type systemd_conf_t;
 files_config_file(systemd_conf_t)
 
+type systemd_fstab_generator_t;
+type systemd_fstab_generator_exec_t;
+init_system_domain(systemd_fstab_generator_t, systemd_fstab_generator_exec_t)
+
 type systemd_gpt_generator_t;
 type systemd_gpt_generator_exec_t;
 init_system_domain(systemd_gpt_generator_t, systemd_gpt_generator_exec_t)
@@ -258,6 +262,27 @@ files_read_etc_files(systemd_binfmt_t)
 
 fs_register_binary_executable_type(systemd_binfmt_t)
 
+#######################################
+#
+# fstab generator local policy
+#
+
+corecmd_search_bin(systemd_fstab_generator_t)
+
+files_read_etc_files(systemd_fstab_generator_t)
+files_search_pids(systemd_fstab_generator_t)
+
+fstools_exec(systemd_fstab_generator_t)
+
+init_create_write_pid_files(systemd_fstab_generator_t)
+init_manage_pid_dirs(systemd_fstab_generator_t)
+init_manage_pid_symlinks(systemd_fstab_generator_t)
+init_search_pids(systemd_fstab_generator_t)
+
+kernel_read_kernel_sysctls(systemd_fstab_generator_t)
+
+systemd_log_parse_environment(systemd_fstab_generator_t)
+
 #######################################
 #
 # GPT auto generator local policy