author | Krzysztof Nowicki <krissn@op.pl> | 2021-02-03 07:35:13 +0100 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2021-02-15 11:49:24 -0800 |
commit | c7679c9a675138403d7e84d096c5c911b8635ea9 (patch) | |
tree | b7564056ec7d25c8d2e0da752e7ce512fcc777f2 | |
parent | Allow systemd-tmpfilesd populating of /var/lib/dbus (diff) | |
When using systemd_tmpfilesd_managed also grant directory permissions
This allows systemd-tmpfilesd to create files inside directories
belonging to the subject domain.
Signed-off-by: Krzysztof Nowicki <krissn@op.pl>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r-- | policy/modules/system/systemd.if | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if index fb20b528c..6a66a2d79 100644 --- a/policy/modules/system/systemd.if +++ b/policy/modules/system/systemd.if @@ -1174,6 +1174,7 @@ interface(`systemd_tmpfilesd_managed',` type systemd_tmpfiles_t; ') + allow systemd_tmpfiles_t $1:dir list_dir_perms; allow systemd_tmpfiles_t $1:$2 { setattr relabelfrom relabelto create }; ') |
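Review bot: The added `allow systemd_tmpfiles_t $1:dir list_dir_perms;` line grants only list-type access to directories of type `$1`, while the commit message says the goal is creating files inside those directories. Creating an entry also needs `write` and `add_name` on the parent directory, so either confirm those are granted elsewhere or use a permission set that includes them. The rule is also emitted for every caller regardless of what is passed as `$2`, so the documentation comment for `systemd_tmpfilesd_managed` should state that the interface now grants directory list access on `$1` in addition to the `{ setattr relabelfrom relabelto create }` permissions on `$1:$2`.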