commit: 1c491aeedcfbcd28abb64198e73950daa74244ee Author: Lukas Vrabec <lvrabec <AT> redhat <DOT> com> AuthorDate: Tue Aug 2 14:20:00 2016 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Aug 13 18:23:03 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1c491aee
Systemd by version 231 starts using shared library and systemd daemons execute it. For this reason lib_t type is needed. policy/modules/system/libraries.fc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc index 85e918f..2467d45 100644 --- a/policy/modules/system/libraries.fc +++ b/policy/modules/system/libraries.fc @@ -149,6 +149,8 @@ ifdef(`distro_debian',` /usr/lib/nvidia/libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/xorg/modules/glesx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/systemd/libsystemd-shared-[0-9]+\.so.* -- gen_context(system_u:object_r:lib_t,s0) + /usr/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0) /usr/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
