diff options
| author |   Kenton Groombridge <me@concord.sh> | 2021-11-09 19:51:33 -0500 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2022-03-30 19:40:53 -0700 |
| commit | b3a7d999f44a74fcb84a309b909541a64a6d2ef5 (patch) | |
| tree | f8cce031e8f3f9ccb15db2f125fe473c2382318d | |
| parent | Rules.modular: add pure-load target (diff) | |
| download | hardened-refpolicy-b3a7d999f44a74fcb84a309b909541a64a6d2ef5.tar.gz hardened-refpolicy-b3a7d999f44a74fcb84a309b909541a64a6d2ef5.tar.bz2 hardened-refpolicy-b3a7d999f44a74fcb84a309b909541a64a6d2ef5.zip | |
init: allow systemd to nnp_transition and nosuid_transition to daemon domains
Signed-off-by: Kenton Groombridge <me@concord.sh>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
| -rw-r--r-- | policy/modules/system/init.if | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 0559dc93b..8d3eab4ad 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -376,6 +376,8 @@ interface(`init_daemon_domain',` allow $1 init_t:unix_dgram_socket sendto; + allow init_t $1:process2 { nnp_transition nosuid_transition }; + optional_policy(` systemd_stream_connect_socket_proxyd($1) ') |