Create new interface called systemd_login_filetrans_pid_files()

Lukas Vrabec 2016-05-05 10:54:35 +02:00
parent 7ff0b8badf
commit b87a437807
2 changed files with 20 additions and 2 deletions

Binary file not shown.


@ -46383,10 +46383,10 @@ index 0000000..0e4185f
+/var/run/initramfs(/.*)? <<none>> +/var/run/initramfs(/.*)? <<none>>
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
new file mode 100644 new file mode 100644
index 0000000..3380372 index 0000000..ebd6cc8
--- /dev/null --- /dev/null
+++ b/policy/modules/system/systemd.if +++ b/policy/modules/system/systemd.if
@@ -0,0 +1,1698 @@ @@ -0,0 +1,1716 @@
+## <summary>SELinux policy for systemd components</summary> +## <summary>SELinux policy for systemd components</summary>
+ +
+###################################### +######################################
@ -46679,6 +46679,24 @@ index 0000000..3380372
+ +
+ files_search_pids($1) + files_search_pids($1)
+ manage_files_pattern($1, systemd_logind_var_run_t, systemd_logind_var_run_t) + manage_files_pattern($1, systemd_logind_var_run_t, systemd_logind_var_run_t)
+')
+
+
+######################################
+## <summary>
+## Read systemd_login PID files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`systemd_login_filetrans_pid_files',`
+ gen_require(`
+ type systemd_logind_var_run_t;
+ ')
+
+ files_pid_filetrans($1, systemd_logind_var_run_t, file, "nologin") + files_pid_filetrans($1, systemd_logind_var_run_t, file, "nologin")
+') +')
+ +
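Review bot: The summary on the new `systemd_login_filetrans_pid_files` interface reads "Read systemd_login PID files.", but its only rule is `files_pid_filetrans($1, systemd_logind_var_run_t, file, "nologin")`, which is a named type transition and not read access. A summary such as `## Create the nologin file in the pid directory with the systemd_logind_var_run_t type.` would describe what callers actually get. The same hunk now closes the preceding interface right after `manage_files_pattern(...)`, so that interface (its header is outside the hunk) no longer carries the transition. Callers that relied on it would presumably need to call the new interface as well; otherwise a "nologin" file they create in the pid directory would likely keep the directory's default type instead of `systemd_logind_var_run_t`. It is worth checking the callers elsewhere in this patch.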