Merge pull request from yizhao1/systemd

Fixes for systemd 255
Chris PeBenito 2024-02-21 14:01:17 -05:00 committed by GitHub
commit 883cfaed99
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 2 deletions
policy/modules/system


@ -719,6 +719,7 @@ kernel_dontaudit_getattr_proc(systemd_hostnamed_t)
dev_read_sysfs(systemd_hostnamed_t)
files_read_etc_files(systemd_hostnamed_t)
files_read_etc_runtime_files(systemd_hostnamed_t)
fs_getattr_all_fs(systemd_hostnamed_t)
@ -726,6 +727,8 @@ init_delete_runtime_files(systemd_hostnamed_t)
init_read_runtime_files(systemd_hostnamed_t)
init_write_runtime_files(systemd_hostnamed_t)
miscfiles_read_localization(systemd_hostnamed_t)
selinux_use_status_page(systemd_hostnamed_t)
seutil_read_config(systemd_hostnamed_t)
@ -1510,7 +1513,7 @@ logging_send_syslog_msg(systemd_pstore_t)
# Rfkill local policy
#
allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read setopt };
allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read getopt setopt };
manage_dirs_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
manage_files_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
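Review bot: In the Rfkill local policy rule for `self:netlink_kobject_uevent_socket`, `getopt` is inserted after `read`, which breaks the alphabetical order the previous permission set followed; write it as `allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr getopt read setopt };`. This rendering has lost the +/- markers, so I am assuming the line that contains `getopt` is the new side. Neither this rule nor the `systemd_hostnamed_t` interface calls in the two hunks above carry a comment tying the grant to the systemd 255 behaviour or the AVC denial that motivated it, which makes a later least-privilege audit harder; a one-line `# systemd 255: <denial summary>` above each new grant would record that. The rfkill block continues past the end of the hunk.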


@ -40,7 +40,7 @@ optional_policy(`
allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_ptrace sys_rawio sys_resource };
allow udev_t self:capability2 { wake_alarm block_suspend };
allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate setrlimit getrlimit };
allow udev_t self:fd use;
allow udev_t self:fifo_file rw_fifo_file_perms;
allow udev_t self:sock_file read_sock_file_perms;
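Review bot: The `setrlimit` permission added to `allow udev_t self:process` has no comment saying why udev needs it, and the first rule of this hunk already gives `udev_t` the `sys_resource` capability, so the two together allow the domain to raise its own hard resource limits rather than only lower them. Please record the justification next to the rule, for example `# setrlimit: needed by udev since systemd 255 (<AVC denial>)`, so the grant can be re-checked when the process permission set is next audited. The +/- markers are lost in this rendering, so I am assuming the line that contains `setrlimit` is the new side. The `udev_t` allow list starts before and continues after the lines shown here.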