nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #747 from cgzones/getattr

Browse Source 
init: only grant getattr in init_getattr_generic_units_files()
This commit is contained in:
Chris PeBenito 2024-01-09 12:39:11 -05:00 committed by GitHub
commit 45f43ca378
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/init.if
View File

@ -3359,7 +3359,7 @@ interface(`init_getattr_generic_units_files',`
type systemd_unit_t;
')
allow $1 systemd_unit_t:file read_file_perms;
allow $1 systemd_unit_t:file getattr;
')
########################################

2
policy/modules/system/systemd.te
View File

@ -519,7 +519,7 @@ init_search_runtime(systemd_generator_t)
init_setattr_runtime_files(systemd_generator_t)
init_write_runtime_files(systemd_generator_t)
init_list_unit_dirs(systemd_generator_t)
init_getattr_generic_units_files(systemd_generator_t)
init_read_generic_units_files(systemd_generator_t)
init_read_generic_units_symlinks(systemd_generator_t)
init_read_script_files(systemd_generator_t)