commit: c2cd4a6f79b4949857e4a4bd68bef6ea1496a255
Author: Markus Linnala <Markus.Linnala <AT> cybercom <DOT> com>
AuthorDate: Tue Jun 29 12:32:56 2021 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Sep 5 14:26:44 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c2cd4a6f
policy: files: files_get_etc_unit_status/files_{start,stop}_etc_service: fix
require
Signed-off-by: Markus Linnala <Markus.Linnala <AT> cybercom.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/kernel/files.if | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 83f8b3f4..f772bfe8 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -3228,6 +3228,7 @@ interface(`files_exec_etc_files',`
interface(`files_get_etc_unit_status',`
gen_require(`
type etc_t;
+ class service status;
')
allow $1 etc_t:service status;
@@ -3246,6 +3247,7 @@ interface(`files_get_etc_unit_status',`
interface(`files_start_etc_service',`
gen_require(`
type etc_t;
+ class service start;
')
allow $1 etc_t:service start;
@@ -3264,6 +3266,7 @@ interface(`files_start_etc_service',`
interface(`files_stop_etc_service',`
gen_require(`
type etc_t;
+ class service stop;
')
allow $1 etc_t:service stop;
