Create new interface called systemd_login_filetrans_pid_files()
This commit is contained in:
parent
7ff0b8badf
commit
b87a437807
Binary file not shown.
@ -46383,10 +46383,10 @@ index 0000000..0e4185f
|
||||
+/var/run/initramfs(/.*)? <<none>>
|
||||
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
|
||||
new file mode 100644
|
||||
index 0000000..3380372
|
||||
index 0000000..ebd6cc8
|
||||
--- /dev/null
|
||||
+++ b/policy/modules/system/systemd.if
|
||||
@@ -0,0 +1,1698 @@
|
||||
@@ -0,0 +1,1716 @@
|
||||
+## <summary>SELinux policy for systemd components</summary>
|
||||
+
|
||||
+######################################
|
||||
@ -46679,6 +46679,24 @@ index 0000000..3380372
|
||||
+
|
||||
+ files_search_pids($1)
|
||||
+ manage_files_pattern($1, systemd_logind_var_run_t, systemd_logind_var_run_t)
|
||||
+')
|
||||
+
|
||||
+
|
||||
+######################################
|
||||
+## <summary>
|
||||
+## Read systemd_login PID files.
|
||||
+## </summary>
|
||||
+## <param name="domain">
|
||||
+## <summary>
|
||||
+## Domain allowed access.
|
||||
+## </summary>
|
||||
+## </param>
|
||||
+#
|
||||
+interface(`systemd_login_filetrans_pid_files',`
|
||||
+ gen_require(`
|
||||
+ type systemd_logind_var_run_t;
|
||||
+ ')
|
||||
+
|
||||
+ files_pid_filetrans($1, systemd_logind_var_run_t, file, "nologin")
|
||||
+')
|
||||
+
|
||||
|
Loading…
Reference in New Issue
Block a user