commit: be5ad6588778385c9353e1b6ca9fcc5f4b149148
Author: Russell Coker <russell <AT> coker <DOT> com <DOT> au>
AuthorDate: Fri Feb 24 06:22:42 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Feb 25 16:43:11 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=be5ad658
new init interfaces for systemd
These are needed by several patches I'm about to send.
Description: some new interfaces for init/systemd
Author: Russell Coker <russell <AT> coker.com.au>
Last-Update: 2017-02-24
policy/modules/system/init.if | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 162ce266..2230df01 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1135,6 +1135,24 @@ interface(`init_var_lib_filetrans',`
filetrans_pattern($1, init_var_lib_t, $2, $3, $4)
')
+######################################
+## <summary>
+## Allow search directory in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_search_pid_dirs',`
+ gen_require(`
+ type init_var_run_t;
+ ')
+
+ allow $1 init_var_run_t:dir search_dir_perms;
+')
+
########################################
## <summary>
## Create files in an init PID directory.
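Review bot: The summary for `init_search_pid_dirs` names only /run/systemd, but the rule `allow $1 init_var_run_t:dir search_dir_perms;` grants search on every directory labelled init_var_run_t, so a policy author reading the doc may underestimate the scope. I would word it by type, as the neighbouring interfaces do: `## Search init PID directories (init_var_run_t, such as /run/systemd).` The banner line above it is also shorter than the `########################################` used by the other interfaces in this file. If callers are expected to reach the directory through /run, check whether a `files_search_pids($1)` line belongs here; the hunk does not show how sibling interfaces handle the parent directory.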
@@ -2271,6 +2289,24 @@ interface(`init_rw_script_tmp_files',`
########################################
## <summary>
+## Read and write init script inherited temporary data.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_rw_inherited_script_tmp_files',`
+ gen_require(`
+ type initrc_tmp_t;
+ ')
+
+ allow $1 initrc_tmp_t:file rw_inherited_file_perms;
+')
+
+########################################
+## <summary>
## Create files in a init script
## temporary data directory.
## </summary>
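Review bot: The doc for `init_rw_inherited_script_tmp_files` does not say what "inherited" restricts. Assuming `rw_inherited_file_perms` is the usual set without `open`, the caller can only use initrc_tmp_t files through descriptors it was handed and cannot open them by path. That least-privilege property is the reason to choose this interface over `init_rw_script_tmp_files`, so it is worth stating, e.g. `## Read and write inherited init script temporary files (no open permission).` The interface also grants no fd `use` on the init script domain, so a sentence noting that callers normally pair it with `init_use_script_fds` would help. The macro definition and that interface are outside this hunk.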