commit: be5ad6588778385c9353e1b6ca9fcc5f4b149148 |
Author: Russell Coker <russell <AT> coker <DOT> com <DOT> au> |
AuthorDate: Fri Feb 24 06:22:42 2017 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Sat Feb 25 16:43:11 2017 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=be5ad658 |
|
new init interfaces for systemd |
|
These are needed by several patches I'm about to send. |
|
Description: some new interfaces for init/systemd |
Author: Russell Coker <russell <AT> coker.com.au> |
Last-Update: 2017-02-24 |
|
policy/modules/system/init.if | 36 ++++++++++++++++++++++++++++++++++++ |
1 file changed, 36 insertions(+) |
|
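--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1135,6 +1135,24 @@ interface(`init_var_lib_filetrans',`
 filetrans_pattern($1, init_var_lib_t, $2, $3, $4)
 ')
 
+######################################
+## <summary>
+## Allow search directory in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_search_pid_dirs',`
+ gen_require(`
+ type init_var_run_t;
+ ')
+
+ allow $1 init_var_run_t:dir search_dir_perms;
+')
+
 ########################################
 ## <summary>
 ## Create files in an init PID directory.
@@ -2271,6 +2289,24 @@ interface(`init_rw_script_tmp_files',`
 
 ########################################
 ## <summary>
+## Read and write init script inherited temporary data.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_rw_inherited_script_tmp_files',`
+ gen_require(`
+ type initrc_tmp_t;
+ ')
+
+ allow $1 initrc_tmp_t:file rw_inherited_file_perms;
+')
+
+########################################
+## <summary>
 ## Create files in a init script
 ## temporary data directory.
 ## </summary>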
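Review bot: The summary of `init_search_pid_dirs` in the first hunk names a path (/run/systemd), but the rule grants search on every directory labelled `init_var_run_t`, so the documented scope may be narrower than what a caller actually receives. I would state the type instead, for example `## Search directories labelled init_var_run_t (such as /run/systemd).` The interface grants nothing on the parent runtime directory, so callers may also need `files_search_pids($1)`; whether that belongs inside the interface is worth checking against how the sibling interfaces in this file do it. In the second hunk, the summary of `init_rw_inherited_script_tmp_files` should say that `rw_inherited_file_perms` does not include `open`, so access is limited to descriptors handed over by the init script. That tells policy writers when to prefer it over the broader `init_rw_script_tmp_files`.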