|
 |
7172f2 |
policy_module(systemd_hs,0.0.1)
|
|
|
7172f2 |
|
|
|
7172f2 |
# systemd overrides for 247
|
|
|
7172f2 |
gen_require(`
|
|
|
7172f2 |
type avahi_t;
|
|
|
7172f2 |
type cgroup_t;
|
|
|
7172f2 |
type init_t;
|
|
|
7172f2 |
type init_var_run_t;
|
|
|
7172f2 |
type initrc_t;
|
|
|
7172f2 |
class dbus send_msg;
|
|
|
7172f2 |
type install_t;
|
|
|
7172f2 |
type kmsg_device_t;
|
|
|
7172f2 |
type policykit_auth_t;
|
|
|
7172f2 |
type policykit_t;
|
|
|
7172f2 |
type proc_kmsg_t;
|
|
|
7172f2 |
type rpm_t;
|
|
|
7172f2 |
type system_dbusd_t;
|
|
|
7172f2 |
type system_dbusd_var_run_t;
|
|
|
7172f2 |
type systemd_hostnamed_t;
|
|
|
7172f2 |
type systemd_localed_t;
|
|
|
7172f2 |
type systemd_logind_t;
|
|
|
7172f2 |
type systemd_machined_t;
|
|
|
7172f2 |
type systemd_resolved_t;
|
|
|
7172f2 |
type systemd_tmpfiles_t;
|
|
|
7172f2 |
type security_t;
|
|
|
7172f2 |
type sssd_t;
|
|
|
7172f2 |
type syslogd_t;
|
|
|
7172f2 |
type udev_var_run_t;
|
|
|
7172f2 |
type user_tmp_t;
|
|
|
7172f2 |
type useradd_t;
|
|
|
7172f2 |
type xdm_t;
|
|
|
7172f2 |
')
|
|
|
7172f2 |
|
|
|
7172f2 |
allow avahi_t init_var_run_t:dir read;
|
|
|
7172f2 |
allow init_t kmsg_device_t:chr_file mounton;
|
|
|
7172f2 |
allow init_t proc_kmsg_t:file { getattr mounton };
|
|
|
7172f2 |
allow init_t system_dbusd_var_run_t:sock_file read;
|
|
|
7172f2 |
allow init_t systemd_machined_t:unix_stream_socket connectto;
|
|
|
7172f2 |
allow policykit_auth_t init_var_run_t:dir read;
|
|
|
7172f2 |
allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto;
|
|
|
7172f2 |
allow policykit_t systemd_machined_t:unix_stream_socket connectto;
|
|
|
7172f2 |
allow sssd_t cgroup_t:filesystem getattr;
|
|
|
7172f2 |
allow syslogd_t user_tmp_t:lnk_file read;
|
|
|
7172f2 |
allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto;
|
|
|
7172f2 |
allow systemd_hostnamed_t init_var_run_t:dir write;
|
|
|
7172f2 |
allow systemd_hostnamed_t init_var_run_t:file { getattr ioctl open read };
|
|
|
7172f2 |
allow systemd_hostnamed_t initrc_t:dbus send_msg;
|
|
|
7172f2 |
allow systemd_hostnamed_t install_t:dbus send_msg;
|
|
|
7172f2 |
allow systemd_hostnamed_t udev_var_run_t:file getattr;
|
|
|
7172f2 |
allow systemd_hostnamed_t udev_var_run_t:file open;
|
|
|
7172f2 |
allow systemd_hostnamed_t udev_var_run_t:file read;
|
|
|
7172f2 |
allow systemd_logind_t self:netlink_selinux_socket bind;
|
|
|
7172f2 |
allow systemd_logind_t self:netlink_selinux_socket create;
|
|
|
7172f2 |
allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto;
|
|
|
7172f2 |
allow systemd_logind_t user_tmp_t:chr_file unlink;
|
|
|
7172f2 |
allow systemd_machined_t init_var_run_t:sock_file create;
|
|
|
7172f2 |
allow sssd_t cgroup_t:dir search;
|
|
|
7172f2 |
allow sssd_t cgroup_t:filesystem getattr;
|
|
|
7172f2 |
allow useradd_t init_var_run_t:dir read;
|
|
|
7172f2 |
allow xdm_t systemd_machined_t:unix_stream_socket connectto;
|
|
|
7172f2 |
|
|
|
7172f2 |
selinux_use_status_page(init_t)
|
|
|
7172f2 |
selinux_use_status_page(rpm_t)
|
|
|
7172f2 |
selinux_use_status_page(systemd_hostnamed_t)
|
|
|
7172f2 |
selinux_use_status_page(systemd_localed_t)
|
|
|
7172f2 |
selinux_use_status_page(systemd_logind_t)
|
|
|
7172f2 |
selinux_use_status_page(systemd_resolved_t)
|
|
|
7172f2 |
selinux_use_status_page(systemd_tmpfiles_t)
|