nnd
/
selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

systemd: Remove systemd-run domain. 

This command should be run with the privs of the caller.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
This commit is contained in:
Chris PeBenito 2022-04-29 14:37:24 +00:00 committed by Chris PeBenito
parent 602e1f71c6
commit a4534a76bb
4 changed files with 3 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/kernel/corecommands.te
View File

@ -14,7 +14,7 @@ attribute exec_type;
# bin_t is the type of files in the system bin/sbin directories.
#
type bin_t alias { ls_exec_t sbin_t };
typealias bin_t alias systemd_detect_virt_t;
typealias bin_t alias { systemd_detect_virt_t systemd_run_exec_t };
corecmd_executable_file(bin_t)
dev_associate(bin_t) #For /dev/MAKEDEV

1
policy/modules/system/systemd.fc
View File

@ -10,7 +10,6 @@
/usr/bin/systemd-coredump -- gen_context(system_u:object_r:systemd_coredump_exec_t,s0)
/usr/bin/systemd-hwdb -- gen_context(system_u:object_r:systemd_hw_exec_t,s0)
/usr/bin/systemd-nspawn -- gen_context(system_u:object_r:systemd_nspawn_exec_t,s0)
/usr/bin/systemd-run -- gen_context(system_u:object_r:systemd_run_exec_t,s0)
/usr/bin/systemd-stdio-bridge -- gen_context(system_u:object_r:systemd_stdio_bridge_exec_t,s0)
/usr/bin/systemd-sysusers -- gen_context(system_u:object_r:systemd_sysusers_exec_t,s0)
/usr/bin/systemd-tmpfiles -- gen_context(system_u:object_r:systemd_tmpfiles_exec_t,s0)

4
policy/modules/system/systemd.if
View File

@ -29,7 +29,7 @@ template(`systemd_role_template',`
gen_require(`
attribute systemd_user_session_type, systemd_log_parse_env_type;
attribute systemd_user_activated_sock_file_type, systemd_user_unix_stream_activated_socket_type;
type systemd_run_exec_t, systemd_analyze_exec_t;
type systemd_analyze_exec_t;
type systemd_conf_home_t, systemd_data_home_t;
type systemd_user_runtime_t, systemd_user_runtime_notify_t;
type systemd_user_unit_t;
@ -157,7 +157,7 @@ template(`systemd_role_template',`
allow $3 systemd_user_unit_t:service { reload start status stop };
allow $3 systemd_conf_home_t:service { reload start status stop };
can_exec($3, { systemd_run_exec_t systemd_analyze_exec_t })
can_exec($3, systemd_analyze_exec_t)
init_dbus_chat($3)
init_search_var_lib_dirs($3)

4
policy/modules/system/systemd.te
View File

@ -229,10 +229,6 @@ init_system_domain(systemd_resolved_t, systemd_resolved_exec_t)
type systemd_resolved_runtime_t alias systemd_resolved_var_run_t;
files_runtime_file(systemd_resolved_runtime_t)
type systemd_run_t;
type systemd_run_exec_t;
init_daemon_domain(systemd_run_t, systemd_run_exec_t)
type systemd_stdio_bridge_t;
type systemd_stdio_bridge_exec_t;
init_system_domain(systemd_stdio_bridge_t, systemd_stdio_bridge_exec_t)