commit: 52cb621762b5a0e7c4276d1c527623181f2ee454
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Tue Mar 12 00:56:46 2019 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Mar 25 10:05:25 2019 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=52cb6217
usermanage: Move kernel_dgram_send(passwd_t) to systemd block.
Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
policy/modules/admin/usermanage.te | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/policy/modules/admin/usermanage.te
b/policy/modules/admin/usermanage.te
index 0f874b1a..d8ba89e6 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -304,7 +304,6 @@ allow passwd_t self:msg { send receive };
allow passwd_t crack_db_t:dir list_dir_perms;
read_files_pattern(passwd_t, crack_db_t, crack_db_t)
-kernel_dgram_send(passwd_t)
kernel_read_crypto_sysctls(passwd_t)
kernel_read_kernel_sysctls(passwd_t)
@@ -367,6 +366,11 @@ userdom_read_user_tmp_files(passwd_t)
# on user home dir
userdom_dontaudit_search_user_home_content(passwd_t)
+ifdef(`init_systemd',`
+ # for journald /dev/log
+ kernel_dgram_send(passwd_t)
+')
+
optional_policy(`
nscd_run(passwd_t, passwd_roles)
')
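Review bot: The comment `# for journald /dev/log` in the new init_systemd block does not say why a syslog path needs a grant against the kernel domain, which makes the rule harder to audit later. Presumably the /dev/log socket carries the kernel label under systemd because it is created before journald's own domain applies; if that is the reason, the comment should say so, e.g. `# journald's /dev/log socket is labeled kernel_t under systemd, so syslog writes need sendto on it`. It is also worth checking, outside this hunk, whether passwd_t already receives this permission through a logging interface such as logging_send_syslog_msg, in which case the explicit rule here would be redundant.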