Diffstat (limited to 'policy/modules/system/systemd.te')
-rw-r--r--policy/modules/system/systemd.te11
1 files changed, 8 insertions, 3 deletions
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 59888d36a..3d853c4c6 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -518,6 +518,7 @@ kernel_dontaudit_getattr_proc(systemd_generator_t)
kernel_dontaudit_search_unlabeled(systemd_generator_t)
storage_raw_read_fixed_disk(systemd_generator_t)
+storage_raw_read_removable_device(systemd_generator_t)
systemd_log_parse_environment(systemd_generator_t)
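Review bot: The new `storage_raw_read_removable_device(systemd_generator_t)` line has no comment naming which generator needs raw read access to removable block devices, so it cannot be told apart from the fixed-disk rule directly above it. Together the two lines give every generator running as systemd_generator_t raw read access to both fixed and removable disk devices. A one-line comment above the new rule, `# <generator name> reads partition tables on removable media` with the actual generator filled in, would make the scope reviewable later; the generator that drives this is not visible in the hunk.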
@@ -665,6 +666,7 @@ udev_read_runtime_files(systemd_homework_t)
#
allow systemd_hostnamed_t self:capability sys_admin;
+allow systemd_hostnamed_t self:process setfscreate;
fs_getattr_cgroup(systemd_hostnamed_t)
fs_getattr_xattr_fs(systemd_hostnamed_t)
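Review bot: The added `allow systemd_hostnamed_t self:process setfscreate;` lets the daemon choose the label of files it creates, and nothing in the hunk records why that is needed. The domain already reads file contexts via `seutil_read_file_contexts` further down in the file, which suggests it labels files it rewrites under /etc through libselinux, but that is an inference from the neighbouring rules rather than from the hunk. A comment such as `# labels /etc files it rewrites via setfscreatecon (confirm against systemd source)` above the line would let a reader check that the permission is still required when the rule is revisited.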
@@ -676,6 +678,8 @@ dev_read_sysfs(systemd_hostnamed_t)
files_read_etc_files(systemd_hostnamed_t)
+fs_getattr_all_fs(systemd_hostnamed_t)
+
selinux_use_status_page(systemd_hostnamed_t)
seutil_read_file_contexts(systemd_hostnamed_t)
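Review bot: `fs_getattr_all_fs(systemd_hostnamed_t)` appears to subsume the `fs_getattr_cgroup` and `fs_getattr_xattr_fs` calls that remain a few lines above it in the previous hunk, if fs_getattr_all_fs grants getattr on the whole filesystem_type attribute as it does in refpolicy. Keeping both the broad and the narrow interfaces leaves redundant rules that will drift apart the next time one of them is edited. Either drop the two narrower calls in the same commit, or, if the broad interface is only needed for a specific filesystem, use that filesystem's getattr interface instead of widening to all filesystem types.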
@@ -1418,8 +1422,8 @@ systemd_log_parse_environment(systemd_rfkill_t)
allow systemd_resolved_t self:capability { chown net_raw setgid setpcap setuid };
allow systemd_resolved_t self:process { getcap setcap setfscreate signal };
-
-allow systemd_resolved_t self:tcp_socket { accept listen };
+allow systemd_resolved_t self:unix_stream_socket create_stream_socket_perms;
+allow systemd_resolved_t self:tcp_socket create_stream_socket_perms;
allow systemd_resolved_t systemd_networkd_runtime_t:dir watch;
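Review bot: Replacing `allow systemd_resolved_t self:tcp_socket { accept listen };` with `create_stream_socket_perms` widens the TCP grant from two permissions to the full create/bind/connect/read/write set, and the hunk does not say which of the extra permissions the daemon actually hit. If the motivation is the DNS stub listener or outbound DNS-over-TCP, a comment such as `# stub listener and upstream TCP queries need the full stream socket set` above the rule would document that, and the port-level rules would still come from the corenet interfaces elsewhere in the file. The new `self:unix_stream_socket create_stream_socket_perms;` line is unremarkable on its own, but the two rules share one commit message, so the justification should cover both.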
@@ -1555,7 +1559,7 @@ allow systemd_sysusers_t self:unix_dgram_socket sendto;
files_manage_etc_files(systemd_sysusers_t)
fs_getattr_all_fs(systemd_sysusers_t)
-fs_search_cgroup_dirs(systemd_sysusers_t)
+fs_search_all(systemd_sysusers_t)
kernel_read_kernel_sysctls(systemd_sysusers_t)
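Review bot: `fs_search_all(systemd_sysusers_t)` replaces `fs_search_cgroup_dirs` and so extends directory search from cgroup filesystems to every filesystem type, while the diff gives no denial or path that needed the wider grant. Combined with the `fs_getattr_all_fs` line just above it, sysusers now has search on all filesystem-type directories; if the real need was one additional filesystem (a tmpfs or similar), the matching narrower search interface would keep the domain's reach bounded. Failing that, a comment above the line naming the path that triggered the change would make the widening reviewable.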
@@ -1824,6 +1828,7 @@ seutil_libselinux_linked(systemd_user_session_type)
allow systemd_userdbd_t self:capability dac_read_search;
allow systemd_userdbd_t self:process signal;
+allow systemd_userdbd_t self:unix_stream_socket create_stream_socket_perms;
stream_connect_pattern(systemd_userdbd_t, systemd_homed_runtime_t, systemd_homed_runtime_t, systemd_homed_t)