commit:     5c6a954b4abbc2f65ebebbfa363f6a287cfe122d
Author:     Chris PeBenito <Christopher.PeBenito <AT> microsoft <DOT> com>
AuthorDate: Tue May 28 15:13:32 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jul 13 06:43:14 2019 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5c6a954b

init: Add systemd block to init_script_domain().

Signed-off-by: Chris PeBenito <Christopher.PeBenito <AT> microsoft.com>
Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

 policy/modules/system/init.if | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 2a928ca7..411c5cc8 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -99,6 +99,12 @@ interface(`init_script_domain',`
        role system_r types $1;
 
        domtrans_pattern(init_run_all_scripts_domain, $2, $1)
+
+       ifdef(`init_systemd',`
+               allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+
+               allow init_t $1:process2 { nnp_transition nosuid_transition };
+       ')
 ')
 
 ########################################
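Review bot: The `allow init_t $1:process2 { nnp_transition nosuid_transition };` rule added under `init_systemd` has no comment, yet it is the security-relevant line of this hunk. It lets the init_t to $1 domain transition proceed even when the process runs with no_new_privs set or the script sits on a nosuid mount, and it is granted to every type passed as $1. I would put `# permit the init_t -> $1 transition under NoNewPrivileges or from a nosuid mount` above it. Above the socket rule I would add something like `# use stream sockets inherited from systemd`, which is my reading of the intent and should be confirmed. The interface begins outside this hunk, so its documentation header is not visible here; if it lists what callers receive, it should mention these systemd-only grants so that callers of init_script_domain() know they widen init_t's transition permissions.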
