commit:     f289fb94887c4fac6e5d53c49b7a9525f43a94b4
Author:     Rahul Sandhu <rahul <AT> sandhuservices <DOT> dev>
AuthorDate: Thu Nov 28 02:10:49 2024 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Dec 15 00:19:19 2024 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f289fb94

systemd-homed: label LUKS home images as systemd_homed_storage_t

systemd-homed stores LUKS home images as `/home/username.home`, so let's
label that appropriately.

Signed-off-by: Rahul Sandhu <rahul <AT> sandhuservices.dev>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/system/systemd.fc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
index f42782e53..68fcedbe3 100644
--- a/policy/modules/system/systemd.fc
+++ b/policy/modules/system/systemd.fc
@@ -63,6 +63,9 @@ HOME_DIR/\.config/containers/systemd(/.*)?            
gen_context(system_u:object_r:system
 HOME_DIR/\.config/systemd(/.*)?                
gen_context(system_u:object_r:systemd_conf_home_t,s0)
 HOME_DIR/\.local/share/systemd(/.*)?           
gen_context(system_u:object_r:systemd_data_home_t,s0)
 
+# homed files
+HOME_ROOT/(.+)\.home   --      
gen_context(system_u:object_r:systemd_homed_storage_t,s0)
+
 /usr/lib/systemd/user(/.*)?            
gen_context(system_u:object_r:systemd_user_unit_t,s0)
 
 /usr/lib/systemd/system/[^/]*halt.*    --      
gen_context(system_u:object_r:power_unit_t,s0)
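
Review bot: The `(.+)` in the added `HOME_ROOT/(.+)\.home` entry is not limited to one path component, because `.` in a file-context regex also matches `/`. As written, the entry applies to any regular file ending in `.home` at any depth below HOME_ROOT, for example a file a user creates inside their own home directory, and a relabel would give it systemd_homed_storage_t. The commit message only describes images at `/home/username.home`, so restricting the match to a single component, as in `HOME_ROOT/[^/]+\.home`, would fit the stated intent; the `[^/]*halt.*` entry a few lines below already uses that style. The capturing group is also not needed, since nothing refers back to it.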
