nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #224 from fishilico/systemd-sd-executor-read-memfd

Browse Source
This commit is contained in:
Chris PeBenito 2020-04-20 15:42:02 -04:00
commit b79dd46406
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
policy/modules/system/systemd.te
View File

@ -247,6 +247,9 @@ type systemd_user_runtime_dir_t;
type systemd_user_runtime_dir_exec_t;
init_system_domain(systemd_user_runtime_dir_t, systemd_user_runtime_dir_exec_t)
type systemd_user_tmpfs_t;
userdom_user_tmpfs_file(systemd_user_tmpfs_t)
#
# Unit file types
#
@ -1316,6 +1319,9 @@ userdom_user_runtime_filetrans(systemd_user_session_type, systemd_user_runtime_t
allow systemd_user_session_type systemd_user_runtime_notify_t:sock_file create;
type_transition systemd_user_session_type systemd_user_runtime_t:sock_file systemd_user_runtime_notify_t "notify";
allow systemd_user_session_type systemd_user_tmpfs_t:file manage_file_perms;
fs_tmpfs_filetrans(systemd_user_session_type, systemd_user_tmpfs_t, file)
# Run generators in /usr/lib/systemd/user-environment-generators with no domain transition
can_exec(systemd_user_session_type, systemd_generator_exec_t)