commit: fce1ea5c36ab169a7e16497f022f656b6267cce7 Author: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org> AuthorDate: Tue Nov 26 08:30:00 2024 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Mon Jan 6 21:08:08 2025 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=fce1ea5c
systemd: add networkd rules required at least since version 256 systemd-network-generator.service unit fails without: fs_list_tmpfs(systemd_networkd_t) allow rw to /sys/fs/cgroup/system.slice/systemd-networkd.service/memory.pressure fs_rw_cgroup_files(systemd_networkd_t) Signed-off-by: Marc Schiffbauer <mschiff <AT> gentoo.org> Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/system/systemd.te | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 2f344c7ad..342b98c2e 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1358,6 +1358,8 @@ fs_getattr_all_fs(systemd_networkd_t)
 fs_search_cgroup_dirs(systemd_networkd_t)
 fs_read_nsfs_files(systemd_networkd_t)
 fs_watch_memory_pressure(systemd_networkd_t)
+fs_list_tmpfs(systemd_networkd_t)
+fs_rw_cgroup_files(systemd_networkd_t)
 auth_use_nsswitch(systemd_networkd_t)
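Review bot: The added `fs_rw_cgroup_files(systemd_networkd_t)` looks wider than the need stated in the commit message, which is read/write on the unit's own `memory.pressure` file; going by the interface name, it grants read/write on every file carrying the generic cgroup label. The context line `fs_watch_memory_pressure(systemd_networkd_t)` directly above appears to exist for that same file, so the denial may mean `memory.pressure` ends up with the generic cgroup label instead of a dedicated one; the `tcontext` of the AVC record would confirm this before the domain is widened. If the broad grant stays, a comment above it such as `# systemd >= 256: rw on the unit's memory.pressure file under /sys/fs/cgroup` would record the reason. The message also does not say which tmpfs directory `fs_list_tmpfs` is needed for, so a similar one-line comment there would help later audits of the domain. The rest of the systemd_networkd_t rules lie outside this hunk.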
