7172f2
policy_module(systemd_hs,0.0.1)
7172f2
7172f2
# systemd overrides for 247
7172f2
gen_require(`
7172f2
	type init_t;
7172f2
	type init_var_run_t;
7172f2
	type kmsg_device_t;
7172f2
	type proc_kmsg_t;
10eaf0
	type proc_security_t;
7172f2
	type systemd_hostnamed_t;
7172f2
	type systemd_localed_t;
7172f2
	type systemd_logind_t;
7172f2
	type systemd_resolved_t;
7172f2
	type systemd_tmpfiles_t;
10eaf0
	type systemd_hwdb_t;
10eaf0
	type systemd_sysctl_t;
7172f2
	type security_t;
10eaf0
	type tpm_device_t;
10eaf0
	type ramfs_t;
10eaf0
	type shadow_t;
7172f2
	type syslogd_t;
7172f2
	type user_tmp_t;
10eaf0
	type systemd_machined_t;
10eaf0
	type system_dbusd_var_run_t;
10eaf0
	type systemd_networkd_t;
7172f2
')
7172f2
10eaf0
#============= init_t ==============
7172f2
allow init_t kmsg_device_t:chr_file mounton;
7172f2
allow init_t proc_kmsg_t:file { getattr mounton };
10eaf0
allow init_t ramfs_t:file manage_file_perms;
10eaf0
allow init_t tpm_device_t:chr_file { read write open };
10eaf0
allow init_t shadow_t:file { read open };
10eaf0
10eaf0
#============= systemd_hwdb_t ==============
10eaf0
allow systemd_hwdb_t security_t:file { read open };
10eaf0
allow systemd_hwdb_t self:netlink_selinux_socket { create bind };
10eaf0
10eaf0
#============= systemd_sysctl_t ==============
10eaf0
allow systemd_sysctl_t proc_security_t:file read;
10eaf0
10eaf0
#============= syslogd_t ==============
10eaf0
allow syslogd_t user_tmp_t:dir search;
10eaf0
10eaf0
#============= systemd_machined_t ==============
10eaf0
allow systemd_machined_t init_var_run_t:sock_file manage_sock_file_perms;
10eaf0
10eaf0
#============= systemd_networkd_t ==============
500ca9
allow systemd_networkd_t system_dbusd_var_run_t:sock_file *;
7172f2
7172f2
selinux_use_status_page(init_t)
7172f2
selinux_use_status_page(systemd_hostnamed_t)
7172f2
selinux_use_status_page(systemd_localed_t)
7172f2
selinux_use_status_page(systemd_logind_t)
7172f2
selinux_use_status_page(systemd_resolved_t)
7172f2
selinux_use_status_page(systemd_tmpfiles_t)
10eaf0
selinux_use_status_page(systemd_hwdb_t)