commit: 62286ae2ea6ccb9a68f349b419625143696f68f1 Author: Rahul Sandhu <rahul <AT> sandhuservices <DOT> dev> AuthorDate: Wed Dec 4 21:37:52 2024 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Dec 15 00:19:42 2024 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=62286ae2
systemd-homed: make lvm related policy optional Signed-off-by: Rahul Sandhu <rahul <AT> sandhuservices.dev> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/system/systemd.te | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index fbace192f..c62036f39 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -755,8 +755,10 @@ files_home_filetrans(systemd_homework_t, systemd_homed_storage_t, file) allow systemd_homework_t systemd_homed_tmpfs_t:file rw_inherited_file_perms; # setup luks backed home directories in /run/cryptsetup -lvm_manage_runtime_files(systemd_homework_t) -lvm_manage_runtime_dirs(systemd_homework_t) +optional_policy(` + lvm_manage_runtime_files(systemd_homework_t) + lvm_manage_runtime_dirs(systemd_homework_t) +') dev_rw_loop_control(systemd_homework_t) dev_read_rand(systemd_homework_t)
