1 |
commit: 574b23826b265be34284368cea90fa8185413a91 |
2 |
Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> |
3 |
AuthorDate: Mon Oct 26 12:26:06 2015 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Dec 17 15:32:11 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=574b2382 |
7 |
|
8 |
Transition D-Bus system service out of the init_t domain when PID1 is systemd |
9 |
|
10 |
D-Bus is not starting the activated system services anymore when PID1 is |
11 |
systemd, but it delegate the job to systemd. |
12 |
|
13 |
policy/modules/contrib/dbus.if | 4 ++++ |
14 |
1 file changed, 4 insertions(+) |
15 |
|
16 |
diff --git a/policy/modules/contrib/dbus.if b/policy/modules/contrib/dbus.if |
17 |
index 077dabc..89bbb25 100644 |
18 |
--- a/policy/modules/contrib/dbus.if |
19 |
+++ b/policy/modules/contrib/dbus.if |
20 |
@@ -573,6 +573,10 @@ interface(`dbus_system_domain',` |
21 |
|
22 |
userdom_read_all_users_state($1) |
23 |
|
24 |
+ ifdef(`init_systemd',` |
25 |
+ init_daemon_domain($1, $2) |
26 |
+ ') |
27 |
+ |
28 |
ifdef(`hide_broken_symptoms', ` |
29 |
dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write }; |
30 |
') |