commit: 06fde63185dca6b4f960f0cc1c53d4e24055fec3
Author: Chris PeBenito <chpebeni <AT> linux <DOT> microsoft <DOT> com>
AuthorDate: Tue Jan 21 18:25:32 2020 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Jan 10 21:52:17 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=06fde631
systemd: Add systemd-tty-ask watch for /run/systemd/ask-password.
Signed-off-by: Chris PeBenito <chpebeni <AT> linux.microsoft.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/systemd.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 7a19b151..9c210947 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1023,6 +1023,7 @@ allow systemd_passwd_agent_t self:capability { chown
sys_tty_config dac_override
allow systemd_passwd_agent_t self:process { setfscreate setsockcreate signal };
allow systemd_passwd_agent_t self:unix_dgram_socket create_socket_perms;
+allow systemd_passwd_agent_t systemd_passwd_var_run_t:dir watch;
manage_dirs_pattern(systemd_passwd_agent_t, systemd_passwd_runtime_t,
systemd_passwd_runtime_t)
manage_files_pattern(systemd_passwd_agent_t, systemd_passwd_runtime_t,
systemd_passwd_runtime_t)
manage_sock_files_pattern(systemd_passwd_agent_t, systemd_passwd_runtime_t,
systemd_passwd_runtime_t)
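Review bot: The added rule on the `+` line names `systemd_passwd_var_run_t`, while the three `manage_*_pattern` lines directly below it grant the same domain access to `systemd_passwd_runtime_t`. If `systemd_passwd_var_run_t` is only a legacy alias of the runtime type (its declaration is outside the hunk, so this is an inference), the rule builds but obscures that the watch applies to the same label as the manage rules; if no such alias exists in this tree, the policy will not compile. Writing it as `allow systemd_passwd_agent_t systemd_passwd_runtime_t:dir watch;` keeps the block consistent and lets an audit of this domain's access to the ask-password directory be read in one place. The grant itself is suitably narrow (`watch` on `dir` only), and a short comment such as `# watch /run/systemd/ask-password for new password requests` above it would record why it is needed.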