sysadm, systemd: various fixes

Allow sysadm to communicate with logind over dbus and add missing rules for systemd-logind. Signed-off-by: Kenton Groombridge <me@concord.sh> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Kenton Groombridge <me@concord.sh> 2021-04-07 12:55:38 -0400
committer: Jason Zaman <perfinion@gentoo.org> 2021-09-05 07:16:58 -0700
commit: fae8e383993a2c925a717204169ea36a136a8d1a (patch)
tree: fcd52c1e07dc499a916f3ab31e96c92fbb68e3c8 /policy/modules/roles/sysadm.te
parent: various: several dontaudits (diff)
download: hardened-refpolicy-fae8e383993a2c925a717204169ea36a136a8d1a.tar.gz
hardened-refpolicy-fae8e383993a2c925a717204169ea36a136a8d1a.tar.bz2
hardened-refpolicy-fae8e383993a2c925a717204169ea36a136a8d1a.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 77734dc8..9bc46972 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -81,6 +81,10 @@ ifdef(`init_systemd',`
 	# Allow sysadm to resolve the username of dynamic users by calling
 	# LookupDynamicUserByUID on org.freedesktop.systemd1.
 	init_dbus_chat(sysadm_t)
+
+	# Allow sysadm to get the status of and set properties of other users,
+	# sessions, and seats on the system.
+	systemd_dbus_chat_logind(sysadm_t)
 ')
 
 tunable_policy(`allow_ptrace',`
author	Kenton Groombridge <me@concord.sh>	2021-04-07 12:55:38 -0400
committer	Jason Zaman <perfinion@gentoo.org>	2021-09-05 07:16:58 -0700
commit	fae8e383993a2c925a717204169ea36a136a8d1a (patch)
tree	fcd52c1e07dc499a916f3ab31e96c92fbb68e3c8 /policy/modules/roles/sysadm.te
parent	various: several dontaudits (diff)
download	hardened-refpolicy-fae8e383993a2c925a717204169ea36a136a8d1a.tar.gz hardened-refpolicy-fae8e383993a2c925a717204169ea36a136a8d1a.tar.bz2 hardened-refpolicy-fae8e383993a2c925a717204169ea36a136a8d1a.zip