systemd_homework_t: allow managing of lvm_runtime_t files and dirs

systemd-homed needs access to `/run/cryptsetup` to properly setup and unlock LUKS encrypted home directories. Signed-off-by: Rahul Sandhu <rahul@sandhuservices.dev> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Rahul Sandhu <rahul@sandhuservices.dev> 2024-11-28 17:44:01 +0000
committer: Jason Zaman <perfinion@gentoo.org> 2024-12-14 16:19:42 -0800
commit: 4c672a08f3060e44791ace6b3c25c5247d1fd34c (patch)
tree: 02f4422e8bece85b237f24b66a18505c579c0812 /policy
parent: lvm_manage_runtime_dirs: new interface for managing LVM runtime dirs (diff)
download: hardened-refpolicy-4c672a08f3060e44791ace6b3c25c5247d1fd34c.tar.gz
hardened-refpolicy-4c672a08f3060e44791ace6b3c25c5247d1fd34c.tar.bz2
hardened-refpolicy-4c672a08f3060e44791ace6b3c25c5247d1fd34c.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 05c9e55e..edc19260 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -751,6 +751,10 @@ files_home_filetrans(systemd_homework_t, systemd_homed_storage_t, file)
 
 allow systemd_homework_t systemd_homed_tmpfs_t:file rw_inherited_file_perms;
 
+# setup luks backed home directories in /run/cryptsetup
+lvm_manage_runtime_files(systemd_homework_t)
+lvm_manage_runtime_dirs(systemd_homework_t)
+
 dev_rw_loop_control(systemd_homework_t)
 dev_read_rand(systemd_homework_t)
 dev_read_urand(systemd_homework_t)
author	Rahul Sandhu <rahul@sandhuservices.dev>	2024-11-28 17:44:01 +0000
committer	Jason Zaman <perfinion@gentoo.org>	2024-12-14 16:19:42 -0800
commit	4c672a08f3060e44791ace6b3c25c5247d1fd34c (patch)
tree	02f4422e8bece85b237f24b66a18505c579c0812 /policy
parent	lvm_manage_runtime_dirs: new interface for managing LVM runtime dirs (diff)
download	hardened-refpolicy-4c672a08f3060e44791ace6b3c25c5247d1fd34c.tar.gz hardened-refpolicy-4c672a08f3060e44791ace6b3c25c5247d1fd34c.tar.bz2 hardened-refpolicy-4c672a08f3060e44791ace6b3c25c5247d1fd34c.zip