Allow init to mount over the system bus

In portable profiles, systemd bind mounts the system bus into process namespaces Signed-off-by: Daniel Burgener <Daniel.Burgener@microsoft.com> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Daniel Burgener <Daniel.Burgener@microsoft.com> 2020-11-11 21:14:43 +0000
committer: Jason Zaman <perfinion@gentoo.org> 2020-11-28 14:55:41 -0800
commit: 1958d08d70d801a23e7ef15a8b3b0857b6c79946 (patch)
tree: dd96bb65be99b6a56b64c3ace372110f5131386d
parent: Merge upstream (diff)
download: hardened-refpolicy-1958d08d.tar.gz
hardened-refpolicy-1958d08d.tar.bz2
hardened-refpolicy-1958d08d.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index f123c6d9..86e79b76 100644
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@@ -50,6 +50,7 @@ init_named_socket_activation(system_dbusd_t, system_dbusd_runtime_t)
 type system_dbusd_runtime_t alias system_dbusd_var_run_t;
 files_runtime_file(system_dbusd_runtime_t)
 init_daemon_runtime_file(system_dbusd_runtime_t, dir, "dbus")
+init_mountpoint(system_dbusd_runtime_t)
 
 type system_dbusd_tmp_t;
 files_tmp_file(system_dbusd_tmp_t)
author	Daniel Burgener <Daniel.Burgener@microsoft.com>	2020-11-11 21:14:43 +0000
committer	Jason Zaman <perfinion@gentoo.org>	2020-11-28 14:55:41 -0800
commit	1958d08d70d801a23e7ef15a8b3b0857b6c79946 (patch)
tree	dd96bb65be99b6a56b64c3ace372110f5131386d
parent	Merge upstream (diff)
download	hardened-refpolicy-1958d08d.tar.gz hardened-refpolicy-1958d08d.tar.bz2 hardened-refpolicy-1958d08d.zip