authorDavid Sugar <dsugar@tresys.com>2018-11-17 04:23:43 +0000
committerJason Zaman <jason@perfinion.com>2018-11-18 18:56:47 +0800
commit97e7530c5e79281a24499ac28edcf35daa2349c2 (patch)
tree56a4626ba87bf451ddbb96b57e7b0cf6ef1f4475
parentAdd interfaces to control ntpd_unit_t systemd services (diff)
interface to enable/disable systemd_networkd service
Signed-off-by: Dave Sugar <dsugar@tresys.com> Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r--policy/modules/system/systemd.if19
1 files changed, 19 insertions, 0 deletions
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 9247924b..74f0b215 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -469,6 +469,25 @@ interface(`systemd_manage_networkd_units',`
########################################
## <summary>
+## Allow specified domain to enable systemd-networkd units
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`systemd_enabledisable_networkd',`
+ gen_require(`
+ type systemd_networkd_unit_t;
+ class service { enable disable };
+ ')
+
+ allow $1 systemd_networkd_unit_t:service { enable disable };
+')
+
+########################################
+## <summary>
## Allow specified domain to start systemd-networkd units
## </summary>
## <param name="domain">