Merge pull request #754 from yizhao1/systemd

Fixes for systemd 255

policy/modules/system/systemd.te

@@ -719,6 +719,7 @@ kernel_dontaudit_getattr_proc(systemd_hostnamed_t)
 dev_read_sysfs(systemd_hostnamed_t)
 
 files_read_etc_files(systemd_hostnamed_t)
+files_read_etc_runtime_files(systemd_hostnamed_t)
 
 fs_getattr_all_fs(systemd_hostnamed_t)
 
@@ -726,6 +727,8 @@ init_delete_runtime_files(systemd_hostnamed_t)
 init_read_runtime_files(systemd_hostnamed_t)
 init_write_runtime_files(systemd_hostnamed_t)
 
+miscfiles_read_localization(systemd_hostnamed_t)
+
 selinux_use_status_page(systemd_hostnamed_t)
 
 seutil_read_config(systemd_hostnamed_t)
@@ -1510,7 +1513,7 @@ logging_send_syslog_msg(systemd_pstore_t)
 # Rfkill local policy
 #
 
-allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read setopt };
+allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read getopt setopt };
 
 manage_dirs_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
 manage_files_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)

policy/modules/system/udev.te

@@ -40,7 +40,7 @@ optional_policy(`
 
 allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_ptrace sys_rawio sys_resource };
 allow udev_t self:capability2 { wake_alarm block_suspend };
-allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
+allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate setrlimit getrlimit };
 allow udev_t self:fd use;
 allow udev_t self:fifo_file rw_fifo_file_perms;
 allow udev_t self:sock_file read_sock_file_perms;