init: use pidfds from local login
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
parent
7fd9032d88
commit
4e97f87cee
|
@ -620,6 +620,10 @@ ifdef(`init_systemd',`
|
||||||
kubernetes_read_config(init_t)
|
kubernetes_read_config(init_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
locallogin_use_pidfds(init_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
# var-lib-nfs-rpc_pipefs.mount creates /var/lib/nfs/rpc_pipefs
|
# var-lib-nfs-rpc_pipefs.mount creates /var/lib/nfs/rpc_pipefs
|
||||||
# if it does not exist
|
# if it does not exist
|
||||||
|
|
|
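Review bot: The new optional_policy block that calls `locallogin_use_pidfds(init_t)` carries no comment saying why init_t needs descriptors from local_login_t, while the block right after it explains its rule with the `# var-lib-nfs-rpc_pipefs.mount creates /var/lib/nfs/rpc_pipefs` comment. A one-line reason above the call would help anyone auditing init_t's access later, for example `# systemd is passed pidfds by login for session tracking`, if that is what the motivating denial showed. As defined in this same commit, the interface allows `fd use` on local_login_t, so the comment should describe the access that is actually needed. The enclosing init_systemd ifdef block starts and ends outside the hunk.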
@ -57,6 +57,24 @@ interface(`locallogin_use_fds',`
|
||||||
allow $1 local_login_t:fd use;
|
allow $1 local_login_t:fd use;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Use PIDFDs from local login.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`locallogin_use_pidfds',`
|
||||||
|
gen_require(`
|
||||||
|
type local_login_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 local_login_t:fd use;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Do not audit attempts to inherit local login file descriptors.
|
## Do not audit attempts to inherit local login file descriptors.
|
||||||
|
|
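Review bot: The new `locallogin_use_pidfds` interface has the same body as the existing `locallogin_use_fds` visible at the top of this hunk, `allow $1 local_login_t:fd use;`, so it grants use of any descriptor owned by local_login_t, not only pidfds. The `fd` class has the single `use` permission and nothing pidfd-specific, so the name and summary suggest a narrower grant than the rule gives. The summary should say so, for example `## Use PIDFDs from local login (grants fd use on local_login_t, same rule as locallogin_use_fds).`. Alternatively the body could call `locallogin_use_fds($1)` so the two interfaces cannot drift apart.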