Allow sysnet_dns_name_resolve() to use resolved to resolve DNS names

Also allow unconfined_t to talk with the resolved daemon
2018-11-11 13:33:28 +01:00 · 2018-11-11 13:33:28 +01:00 · 404dcf2af4
commit 404dcf2af4
parent 06588b55b4
2 changed files with 14 additions and 3 deletions
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@ -756,9 +756,14 @@ interface(`sysnet_dns_name_resolve',`
 		nscd_use($1)
 	')

-	# This seems needed when the mymachines NSS module is used
-	optional_policy(`
-		systemd_read_machines($1)
+	ifdef(`init_systemd',`
+		optional_policy(`
+			systemd_dbus_chat_resolved($1)
+		')
+		# This seems needed when the mymachines NSS module is used
+		optional_policy(`
+			systemd_read_machines($1)
+		')
 	')
 ')

--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@ -58,6 +58,12 @@ ifdef(`direct_sysadm_daemon',`
        ')
 ')

+ifdef(`init_systemd',`
+	optional_policy(`
+		systemd_dbus_chat_resolved(unconfined_t)
+	')
+')
+
 optional_policy(`
 	ada_domtrans(unconfined_t)
 ')