commit: 4bb6b12fe1a936a0db91fc133ca30dfd8e5be32a
Author: Dave Sugar <dsugar100 <AT> gmail <DOT> com>
AuthorDate: Wed Oct 4 23:28:38 2023 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Oct 20 21:28:39 2023 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=4bb6b12f
Use interface that already exists.
Signed-off-by: Dave Sugar <dsugar100 <AT> gmail.com>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/system/systemd.if | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 68fb1a148..6054b5038 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -29,7 +29,6 @@ template(`systemd_role_template',`
type systemd_user_runtime_t, systemd_user_runtime_notify_t;
type systemd_user_unit_t;
type systemd_user_runtime_unit_t, systemd_user_transient_unit_t;
- type systemd_machined_t;
')
#################################
@@ -151,10 +150,9 @@ template(`systemd_role_template',`
allow $3 systemd_user_runtime_t:sock_file { manage_sock_file_perms
relabel_sock_file_perms };
# for "machinectl shell"
- allow $1_systemd_t systemd_machined_t:fd use;
- allow $3 systemd_machined_t:fd use;
- allow $3 systemd_machined_t:dbus send_msg;
- allow systemd_machined_t $3:dbus send_msg;
+ systemd_use_inherited_machined_ptys($1_systemd_t)
+ systemd_use_inherited_machined_ptys($3)
+ systemd_dbus_chat_machined($3)
allow $3 systemd_user_runtime_notify_t:sock_file {
manage_sock_file_perms relabel_sock_file_perms };
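Review bot: The calls to `systemd_use_inherited_machined_ptys($1_systemd_t)` and `systemd_use_inherited_machined_ptys($3)` replace rules that granted only `systemd_machined_t:fd use`, so this may widen access rather than being a pure refactor. The interface body is not shown in this diff; judging by its name, it presumably also grants read/write on machined's inherited pty character devices, which the removed lines did not. If that extra access is intended for "machinectl shell", say so in the commit description and extend the comment, e.g. `# for "machinectl shell": fd use plus rw on inherited machined ptys`. Otherwise, diff the compiled policy before and after (for example with `sediff`) to confirm which rules were added for the role domains. `systemd_dbus_chat_machined($3)` appears to cover the two removed `dbus send_msg` rules, but that rests on the same unseen definition. The body of `systemd_role_template` continues outside this hunk.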