commit: bd4d8da452e55389b387f9d98153c6534c5eba1d
Author: Rahul Sandhu <rahul <AT> sandhuservices <DOT> dev>
AuthorDate: Thu Nov 28 01:48:46 2024 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Dec 15 00:19:19 2024 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd4d8da4
locallogin: allow talking to systemd-homed user record APIs
systemd-homed user records rely on being able to talk to the dbus and
varlink APIs provided to obtain basic account information such as user
id, name, group membership, etc., as they do not have /etc/passwd,
/etc/group or /etc/shadow fields. For tty login to work for homed user
accounts, local_login_t needs to be able to look up this information, so
let's grant it the ability to.
Signed-off-by: Rahul Sandhu <rahul <AT> sandhuservices.dev>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/locallogin.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/system/locallogin.te
b/policy/modules/system/locallogin.te
index e17b16c4e..995c80be2 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -154,6 +154,8 @@ ifdef(`init_systemd',`
systemd_dbus_chat_logind(local_login_t)
systemd_use_logind_fds(local_login_t)
systemd_manage_logind_runtime_pipes(local_login_t)
+ systemd_dbus_chat_homed(local_login_t)
+ systemd_stream_connect_homed(local_login_t)
')
ifdef(`distro_debian',`
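Review bot: The two added calls, systemd_dbus_chat_homed(local_login_t) and systemd_stream_connect_homed(local_login_t), carry no comment, so the reason local_login_t needs homed access is recorded only in the commit message. A one-line comment above them, saying they exist so tty login can look up user records for homed accounts, would keep that rationale next to the rules. They are also granted unconditionally inside the init_systemd block, so every systemd build gets them whether or not homed accounts are in use. If that is wider than intended, a tunable around the pair would narrow it. It is also worth confirming that lookup needs both the D-Bus grant and the stream socket grant rather than only one of them.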