nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #209 from dsommers/dbus-can-tuntap-2

Browse Source
This commit is contained in:
Chris PeBenito 2020-04-06 10:50:26 -04:00
commit f5646b7e75
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
policy/modules/services/dbus.te
View File

@ -9,6 +9,15 @@ gen_require(`
# Declarations
#
## <desc>
## <p>
## Allow dbus-daemon system bus to access /dev/net/tun
## which is needed to pass tun/tap device file descriptors
## over D-Bus. This is needed by openvpn3-linux.
## </p>
## </desc>
gen_tunable(dbus_can_pass_tuntap_fd, false)
attribute dbusd_unconfined;
attribute session_bus_type;
@ -165,6 +174,10 @@ ifdef(`init_systemd', `
init_write_runtime_socket(system_dbusd_t)
')
tunable_policy(`dbus_can_pass_tuntap_fd',`
corenet_rw_tun_tap_dev(system_dbusd_t)
')
optional_policy(`
# for /run/systemd/users/*
systemd_read_logind_pids(system_dbusd_t)