commit:     e12ee65669beb8e0a41580e4edea45f62f27dfda
Author:     Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Fri May 20 15:30:10 2022 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Sep 3 18:41:55 2022 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e12ee656

systemd: allow systemd-networkd to read init runtime files

If started from an initrd and the kernel is configured for networking at early boot, systemd-networkd needs access to files for the network configuration in /run/systemd/network which are still init_runtime_t during early boot. systemd will later relabel these files after the policy is loaded.

Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

policy/modules/system/systemd.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 501a1227..92a2b486 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -1099,6 +1099,7 @@ auth_use_nsswitch(systemd_networkd_t) init_dgram_send(systemd_networkd_t) init_read_state(systemd_networkd_t) +init_read_runtime_files(systemd_networkd_t) init_runtime_filetrans(systemd_networkd_t, systemd_networkd_runtime_t, dir) logging_send_syslog_msg(systemd_networkd_t)
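
Review bot: the added `init_read_runtime_files(systemd_networkd_t)` line in the systemd_networkd_t block of systemd.te has no comment, so the reason for it (networkd started from an initrd reading /run/systemd/network before the relabel) is recorded only in the commit message. The rule is unconditional and covers the init_runtime_t type as a whole, so it remains in effect after systemd has relabeled those files; a one-line comment above it, for example `# initrd start: /run/systemd/network is still init_runtime_t until relabel`, would keep the grant explained for a later policy audit. It is also worth confirming that read access to every init_runtime_t file is acceptable for this domain, since the stated need is limited to the network configuration files.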