another version of systemd cgroups hostnamed and logind

From Russell Coker
author: Chris PeBenito <pebenito@ieee.org> 2017-03-25 13:45:37 -0400
committer: Jason Zaman <jason@perfinion.com> 2017-03-30 19:46:17 +0800
commit: 95b1ba94ad4c7ce6466bd54c4afd73a4a23c36b8 (patch)
tree: aa632aae9740eb5b00e1d5050fdbfe1a5baa3039 /policy/modules/system/udev.if
parent: Module version bump for monit patch from cgzones (diff)
download: hardened-refpolicy-95b1ba94ad4c7ce6466bd54c4afd73a4a23c36b8.tar.gz
hardened-refpolicy-95b1ba94ad4c7ce6466bd54c4afd73a4a23c36b8.tar.bz2
hardened-refpolicy-95b1ba94ad4c7ce6466bd54c4afd73a4a23c36b8.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
index 847b65bfa..bee6898b0 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -354,6 +354,25 @@ interface(`udev_search_pids',`
 
 ########################################
 ## <summary>
+##      list udev pid content
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`udev_list_pids',`
+	gen_require(`
+		type udev_var_run_t;
+	')
+
+	files_search_pids($1)
+	allow $1 udev_var_run_t:dir list_dir_perms;
+')
+
+########################################
+## <summary>
 ##	Create, read, write, and delete
 ##	udev run directories
 ## </summary>
author	Chris PeBenito <pebenito@ieee.org>	2017-03-25 13:45:37 -0400
committer	Jason Zaman <jason@perfinion.com>	2017-03-30 19:46:17 +0800
commit	95b1ba94ad4c7ce6466bd54c4afd73a4a23c36b8 (patch)
tree	aa632aae9740eb5b00e1d5050fdbfe1a5baa3039 /policy/modules/system/udev.if
parent	Module version bump for monit patch from cgzones (diff)
download	hardened-refpolicy-95b1ba94ad4c7ce6466bd54c4afd73a4a23c36b8.tar.gz hardened-refpolicy-95b1ba94ad4c7ce6466bd54c4afd73a4a23c36b8.tar.bz2 hardened-refpolicy-95b1ba94ad4c7ce6466bd54c4afd73a4a23c36b8.zip