diff --git a/docker-selinux.tgz b/docker-selinux.tgz
index 3e9a065..c81c8fc 100644
Binary files a/docker-selinux.tgz and b/docker-selinux.tgz differ
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 64e125d..ea0417f 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -46383,10 +46383,10 @@ index 0000000..0e4185f
 +/var/run/initramfs(/.*)? <>
 diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
 new file mode 100644
-index 0000000..3380372
+index 0000000..ebd6cc8
 --- /dev/null
 +++ b/policy/modules/system/systemd.if
-@@ -0,0 +1,1698 @@
+@@ -0,0 +1,1716 @@
 +## SELinux policy for systemd components
 +
 +######################################
@@ -46679,6 +46679,24 @@ index 0000000..3380372
 +
 + files_search_pids($1)
 + manage_files_pattern($1, systemd_logind_var_run_t, systemd_logind_var_run_t)
++')
++
++
++######################################
++##
++## Read systemd_login PID files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`systemd_login_filetrans_pid_files',`
++ gen_require(`
++ type systemd_logind_var_run_t;
++ ')
++
 + files_pid_filetrans($1, systemd_logind_var_run_t, file, "nologin")
 +')
 +
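Review bot: The summary added for systemd_login_filetrans_pid_files in the second hunk says "Read systemd_login PID files.", but the interface body grants no read access; it only sets up the named transition `files_pid_filetrans($1, systemd_logind_var_run_t, file, "nologin")`. The summary line should describe that, for example `##	Create the "nologin" file in the pid directory with the systemd_logind_var_run_t type.` Separately, the added `')` now closes the preceding interface right after its `manage_files_pattern` line, so that interface (its name and opening lie outside the hunk) no longer carries the transition. Any caller of it that creates "nologin" would presumably leave the file with the generic pid-directory label unless it also calls the new interface, so the existing callers should be audited in the same change.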