commit: d9b58015e736c119e4338fffbcdac9a039ccfbc3 Author: Chris PeBenito <chpebeni <AT> linux <DOT> microsoft <DOT> com> AuthorDate: Tue Jan 17 13:36:58 2023 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Mon Feb 13 15:24:04 2023 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d9b58015
systemd: Tmpfilesd can correct seusers on files. Signed-off-by: Chris PeBenito <chpebeni <AT> linux.microsoft.com> Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/system/systemd.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 7cd50f1b0..93b72faf5 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -1673,6 +1673,8 @@ dev_setattr_all_sysfs(systemd_tmpfiles_t) # /sys/module/kernel/parameters/crash_kexec_post_notifiers dev_write_sysfs(systemd_tmpfiles_t) +domain_obj_id_change_exemption(systemd_tmpfiles_t) + files_create_lock_dirs(systemd_tmpfiles_t) files_dontaudit_getattr_all_dirs(systemd_tmpfiles_t) files_manage_all_runtime_dirs(systemd_tmpfiles_t)
