author | Chris PeBenito <cpebenito@tresys.com> | 2015-10-20 11:29:11 -0400 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2015-10-26 11:35:39 +0800 |
commit | 968134591ae36b6064488b8ed9d7082aad03101b (patch) | |
tree | acfdc81dad034d2ef92a0aaf474a0c32b4c715c9 /policy/flask | |
parent | Add systemd build option. (diff) | |
Add systemd access vectors.
Diffstat (limited to 'policy/flask')
-rw-r--r-- | policy/flask/access_vectors | 21 | ||||
-rw-r--r-- | policy/flask/security_classes | 2 |
2 files changed, 23 insertions, 0 deletions
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 056cdd7c..3fe2bb96 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -393,6 +393,17 @@ class system
 syslog_mod
 syslog_console
 module_request
+
+ # these are overloaded userspace
+ # permissions from systemd
+ halt
+ reboot
+ status
+ start
+ stop
+ enable
+ disable
+ reload
 }
 #
@@ -910,3 +921,13 @@ inherits database
 implement
 execute
 }
+
+class service
+{
+ start
+ stop
+ status
+ reload
+ enable
+ disable
+}
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 8bc5d4ed..8b6f1ed3 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -145,4 +145,6 @@ class db_view # userspace
 class db_sequence # userspace
 class db_language # userspace
+class service # userspace
+
 # FLASK |
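Review bot: The comment added above `halt` in the `class system` hunk says the permissions are overloaded but not who enforces them, so a policy author cannot tell from the class that `halt` through `reload` are, as far as I know, evaluated by systemd as a userspace object manager and not by the kernel. I would spell that out, e.g. `# userspace permissions checked by systemd for manager-wide operations; the kernel does not evaluate these`. Because they share the kernel's `system` class, any rule that grants this class with `*` or a `~` complement would now also cover `halt` and `reboot`; such rules are worth auditing when this lands. The body of `class system` starts outside the hunk.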
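Review bot: `class service` is added at the end of `access_vectors` with no comment saying it is a userspace class, while `security_classes` tags the same class `# userspace`. The lone `#` context line after `}` in the first hunk suggests, though it is not fully visible here, that other classes in this file carry a comment header. A short header such as `# userspace class: per-unit operations checked by systemd` would keep the two files in agreement. The permission order also differs from the block added to `class system` (`status start stop enable disable reload` there, `start stop status reload enable disable` here); listing the six shared permissions in one order in both places would make the two sets easier to compare during review.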