commit: b0c79d2a055903a37b3aaf0dd1eb7e2fcfc90224
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Mon Mar 7 08:45:36 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Mar 11 17:15:38 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b0c79d2a
system/init: move systemd_ interfaces into optional_policy
When ifdef systemd is enabled, some interfaces from systemd are called
unconditionally. This makes migrating from non-systemd to systemd
complicated since init is part of base and systemd is not so loading
fails. Moving them into optional_policy fixes this.
policy/modules/system/init.te | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index fd559bc..1f59e2a 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -280,13 +280,15 @@ ifdef(`init_systemd',`
seutil_read_file_contexts(init_t)
- systemd_relabelto_kmod_files(init_t)
- systemd_dbus_chat_logind(init_t)
-
# udevd is a "systemd kobject uevent socket activated daemon"
udev_create_kobject_uevent_sockets(init_t)
optional_policy(`
+ systemd_relabelto_kmod_files(init_t)
+ systemd_dbus_chat_logind(init_t)
+ ')
+
+ optional_policy(`
dbus_system_bus_client(init_t)
dbus_connect_system_bus(init_t)
')
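Review bot: The new optional_policy block around systemd_relabelto_kmod_files(init_t) and systemd_dbus_chat_logind(init_t) carries no comment explaining why calls inside ifdef(`init_systemd') need to be optional. With this change the two rules are dropped without any error when the systemd module is absent, so a policy built with init_systemd but loaded without that module installs cleanly while init_t lacks both permissions, and the gap would only surface at runtime as denials. A short comment above the block, for example "# systemd is not part of base, so its interfaces must be optional", would record the reason given in the commit message and keep a later cleanup from moving the calls back out.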