commit:     df3fc700c5939555aac1f9e648c27208c4e17f76
Author:     Dave Sugar <dsugar <AT> tresys <DOT> com>
AuthorDate: Wed Jun  6 14:25:08 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Jun  8 09:21:01 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=df3fc700

Allow systemd-resolved to connect to system dbusd

type=USER_AVC msg=audit(1527726267.150:134): pid=1170 uid=81 auid=4294967295 
ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  
denied  { acquire_svc } for service=org.freedesktop.resolve1 spid=1208 
scontext=system_u:system_r:systemd_resolved_t:s0 
tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dbus  
exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

Signed-off-by: Dave Sugar <dsugar <AT> tresys.com>

 policy/modules/system/systemd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 79774dd3..60651a9e 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -861,6 +861,7 @@ systemd_log_parse_environment(systemd_resolved_t)
 systemd_read_networkd_runtime(systemd_resolved_t)
 
 optional_policy(`
+       dbus_connect_system_bus(systemd_resolved_t)
        dbus_system_bus_client(systemd_resolved_t)
 ')
 
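Review bot: the commit message should say that this is about owning a bus name, since the quoted denial is { acquire_svc } for service=org.freedesktop.resolve1 while the subject line and the added dbus_connect_system_bus(systemd_resolved_t) call both read as "connect". A single sentence such as "systemd-resolved needs to acquire org.freedesktop.resolve1 on the system bus" would make the grant auditable without decoding the AVC. Also note that the denial is checked against tcontext system_dbusd_t with tclass=dbus, so the SELinux allow is keyed on the bus daemon's type rather than on the service name; it is worth confirming that the D-Bus bus configuration is what restricts this domain to the resolve1 name. Placement inside the existing optional_policy block next to dbus_system_bus_client looks right.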
