author Antoine Tenart <antoine.tenart@bootlin.com> 2020-08-13 12:08:03 +0200
committer Jason Zaman <perfinion@gentoo.org> 2020-10-11 14:14:40 -0700
commit e5975779e32d5337266c191163bbde851ee4bda9
tree 518b961abb55037764c93abc202575fc8a3be5e7 /policy/modules/system/systemd.te
parent systemd: add extra systemd_generator_t rules
systemd: allow systemd-hwdb to search init runtime directories

Fixes:
avc: denied { search } for pid=54 comm="systemd-hwdb" name="systemd" dev="tmpfs" ino=664 scontext=system_u:system_r:systemd_hw_t tcontext=system_u:object_r:init_runtime_t tclass=dir permissive=1
avc: denied { search } for pid=54 comm="systemd-hwdb" name="systemd" dev="tmpfs" ino=664 scontext=system_u:system_r:systemd_hw_t tcontext=system_u:object_r:init_runtime_t tclass=dir permissive=1

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>

Diffstat (limited to 'policy/modules/system/systemd.te')
-rw-r--r-- policy/modules/system/systemd.te 1
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index d0a852a2..eb6f782f 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -461,6 +461,7 @@ selinux_get_fs_mount(systemd_hw_t)
selinux_use_status_page(systemd_hw_t)
init_read_state(systemd_hw_t)
+init_search_runtime(systemd_hw_t)
seutil_read_config(systemd_hw_t)
seutil_read_file_contexts(systemd_hw_t)
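
Review bot: the added init_search_runtime(systemd_hw_t) line is justified only by a denial captured with permissive=1, and that log names the directory (name="systemd" on tmpfs) without showing what systemd-hwdb goes on to access beneath it. Please state in the commit message which path under the init runtime directory is being looked up and confirm that hwdb actually misbehaves in enforcing mode without this rule; if the lookup is only a probe whose failure is harmless, a dontaudit rule would silence the AVC without granting the permission. The interface name matches the logged class and permission (dir, search), so the scope looks right if the access is genuinely needed.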