commit: 9074e45e4da9e23b5e161fe4da909672001f4cb0
Author: Chris PeBenito <chpebeni <AT> linux <DOT> microsoft <DOT> com>
AuthorDate: Fri Nov 22 21:39:35 2019 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Dec 16 13:13:11 2019 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9074e45e
unconfined: Fix systemd --user rule.
Use the full init_pgm_spec_user_daemon_domain() to ensure correct
permissions.
Signed-off-by: Chris PeBenito <chpebeni <AT> linux.microsoft.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/init.if | 7 +------
policy/modules/system/unconfined.te | 2 +-
2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 3465641f..9425c651 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -672,12 +672,7 @@ interface(`init_domtrans',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-## <param name="domain">
-## <summary>
-## New domain.
+## The type to be used as a systemd --user domain.
## </summary>
## </param>
#
diff --git a/policy/modules/system/unconfined.te
b/policy/modules/system/unconfined.te
index 62b9eb17..2bb15219 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -62,7 +62,7 @@ ifdef(`init_systemd',`
# for systemd-analyze
init_service_status(unconfined_t)
# for systemd --user:
- init_pgm_entrypoint(unconfined_t)
+ init_pgm_spec_user_daemon_domain(unconfined_t)
optional_policy(`
systemd_dbus_chat_resolved(unconfined_t)
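Review bot: The comment `# for systemd --user:` above the new `init_pgm_spec_user_daemon_domain(unconfined_t)` call does not say what the broader interface grants beyond the entrypoint-only rule it replaces. The interface body is not part of this diff (only its parameter documentation in init.if changes), so a reader of unconfined.te cannot tell from here which permissions between init and unconfined_t are now allowed. I would expand the comment to something like `# for systemd --user: entrypoint alone is not sufficient, use the full user daemon domain interface`. It is also worth reading the interface definition to confirm it grants only what the user manager needs. The enclosing ifdef init_systemd block starts and ends outside the hunk.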