commit: 4c672a08f3060e44791ace6b3c25c5247d1fd34c
Author: Rahul Sandhu <rahul <AT> sandhuservices <DOT> dev>
AuthorDate: Thu Nov 28 17:44:01 2024 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Dec 15 00:19:42 2024 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=4c672a08
systemd_homework_t: allow managing of lvm_runtime_t files and dirs systemd-homed needs access to `/run/cryptsetup` to properly setup and unlock LUKS encrypted home directories. Signed-off-by: Rahul Sandhu <rahul <AT> sandhuservices.dev> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/system/systemd.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 05c9e55e4..edc192609 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -751,6 +751,10 @@ files_home_filetrans(systemd_homework_t, systemd_homed_storage_t, file) allow systemd_homework_t systemd_homed_tmpfs_t:file rw_inherited_file_perms; +# setup luks backed home directories in /run/cryptsetup +lvm_manage_runtime_files(systemd_homework_t) +lvm_manage_runtime_dirs(systemd_homework_t) + dev_rw_loop_control(systemd_homework_t) dev_read_rand(systemd_homework_t) dev_read_urand(systemd_homework_t)
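
Review bot: The two added calls, lvm_manage_runtime_files(systemd_homework_t) and lvm_manage_runtime_dirs(systemd_homework_t), grant manage access on every file and directory labeled lvm_runtime_t, while the comment above them and the commit message only justify access to /run/cryptsetup. Please record in the comment which operations systemd-homed actually needs there and, if less than full manage is enough, use a narrower grant so systemd_homework_t keeps the least privilege on that type. The calls are also added unconditionally ahead of dev_rw_loop_control(systemd_homework_t); if the lvm module can be omitted from a build, they belong inside an optional_policy block. Minor: the comment would read better as "set up LUKS-backed home directories in /run/cryptsetup".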
