commit: 468a27270a27c80bb18eb60208c765af0aaac899 Author: Krzysztof Nowicki <krissn <AT> op <DOT> pl> AuthorDate: Wed Feb 3 21:18:59 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Mon Feb 15 19:49:24 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=468a2727
Mark lvm_lock_t as systemd_tmpfilesd-managed lvm2 installs a file into /usr/lib/tmpfliles.d/ to create /run/lock/lvm so systemd-tmpfilesd needs the rights to create it. Signed-off-by: Krzysztof Nowicki <krissn <AT> op.pl> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/system/lvm.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index b16e5569..398e3426 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -29,6 +29,9 @@ files_type(lvm_etc_t) type lvm_lock_t; files_lock_file(lvm_lock_t) +optional_policy(` + systemd_tmpfilesd_managed(lvm_lock_t, dir) +') type lvm_metadata_t; files_type(lvm_metadata_t)
