author | bauen1 <j2468h@gmail.com> | 2020-05-18 21:23:39 +0200 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2020-08-09 19:58:45 -0700 |
commit | d5736f0acc8b24e784e224e3b8e9bdde44ce8bdb (patch) | |
tree | da7bba8f6c5b28b4926373719d530103b2f8bdaa /policy/modules/system/systemd.te | |
parent | lvm-activation-generator also needs to execute lvm (diff) | |
systemd: allow systemd-user-runtime-dir to do its job
It requires access to /run/user/UID while running as root
Signed-off-by: bauen1 <j2468h@gmail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy/modules/system/systemd.te')
-rw-r--r-- | policy/modules/system/systemd.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 4b449ed6..05b240a6 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -1366,7 +1366,7 @@ udev_list_pids(systemd_user_session_type) # systemd-user-runtime-dir local policy # -allow systemd_user_runtime_dir_t self:capability { fowner chown sys_admin dac_read_search }; +allow systemd_user_runtime_dir_t self:capability { fowner chown sys_admin dac_read_search dac_override }; allow systemd_user_runtime_dir_t self:process setfscreate; domain_obj_id_change_exemption(systemd_user_runtime_dir_t) |
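Review bot: the `dac_override` added to the `self:capability` set of `systemd_user_runtime_dir_t` has no comment in the policy saying why it is needed; the reason (access to /run/user/UID while running as root) is recorded only in the commit message. The domain already holds `dac_read_search`, so a comment above the rule should state which operation on /run/user/UID was still being denied, because `dac_override` bypasses discretionary read, write and execute permission checks on every file the type enforcement rules let this domain reach, not only that directory.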