diff options
| author |   Krzysztof Nowicki <krissn@op.pl> | 2020-02-24 08:24:18 +0100 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2021-02-15 11:49:24 -0800 |
| commit | f28c4aa396908236a0d6c85e4498db7dc9a53b3f (patch) | |
| tree | 1f17d85c6aebc9ca22b92366df4c4d388033cfaa /policy/modules/kernel/filesystem.if | |
| parent | Fix interface naming convention (plural predicates) (diff) | |
| download | hardened-refpolicy-f28c4aa396908236a0d6c85e4498db7dc9a53b3f.tar.gz hardened-refpolicy-f28c4aa396908236a0d6c85e4498db7dc9a53b3f.tar.bz2 hardened-refpolicy-f28c4aa396908236a0d6c85e4498db7dc9a53b3f.zip | |
Allow systemd to relabel startup-important directories
Signed-off-by: Krzysztof Nowicki <krissn@op.pl>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy/modules/kernel/filesystem.if')
| -rw-r--r-- | policy/modules/kernel/filesystem.if | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if index df868e70..e2c2c0ec 100644 --- a/policy/modules/kernel/filesystem.if +++ b/policy/modules/kernel/filesystem.if @@ -5096,6 +5096,25 @@ interface(`fs_relabel_tmpfs_blk_file',` ######################################## ## <summary> +## Relabel named pipes on tmpfs filesystems. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`fs_relabel_tmpfs_fifo_files',` + gen_require(` + type tmpfs_t; + ') + + allow $1 tmpfs_t:dir list_dir_perms; + relabel_fifo_files_pattern($1, tmpfs_t, tmpfs_t) +') + +######################################## +## <summary> ## Read and write, create and delete generic ## files on tmpfs filesystems. ## </summary> |