Create new interface called systemd_login_filetrans_pid_files()

Lukas Vrabec 2016-05-05 10:54:35 +02:00
parent 7ff0b8badf
commit b87a437807
2 changed files with 20 additions and 2 deletions

Binary file not shown.


@ -46383,10 +46383,10 @@ index 0000000..0e4185f
+/var/run/initramfs(/.*)? <<none>>
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
new file mode 100644
index 0000000..3380372
index 0000000..ebd6cc8
--- /dev/null
+++ b/policy/modules/system/systemd.if
@@ -0,0 +1,1698 @@
@@ -0,0 +1,1716 @@
+## <summary>SELinux policy for systemd components</summary>
+
+######################################
@ -46679,6 +46679,24 @@ index 0000000..3380372
+
+ files_search_pids($1)
+ manage_files_pattern($1, systemd_logind_var_run_t, systemd_logind_var_run_t)
+')
+
+
+######################################
+## <summary>
+## Read systemd_login PID files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`systemd_login_filetrans_pid_files',`
+ gen_require(`
+ type systemd_logind_var_run_t;
+ ')
+
+ files_pid_filetrans($1, systemd_logind_var_run_t, file, "nologin")
+')
+
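Review bot: The summary on the new `systemd_login_filetrans_pid_files` interface says "Read systemd_login PID files.", but the body grants no read access; its only call is `files_pid_filetrans($1, systemd_logind_var_run_t, file, "nologin")`, a named type transition for a file called `nologin`. Someone auditing callers by the summary would misjudge what the caller is given, so the text should say what the interface does, for example `## Create the "nologin" file in the PID directory with the systemd_logind_var_run_t type.`, with the param text changed to `## Domain allowed to transition.`. The hard-coded `"nologin"` name also deserves a one-line comment saying which file it is meant to match, since the interface name suggests PID files in general. As far as the visible lines show, nothing here allows the caller to create or write files of that type, so callers presumably need the manage interface above it as well; that is worth stating in the description.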