diff options
| author |   Jonathan Davies <jpds@protonmail.com> | 2022-03-09 21:12:55 +0000 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2022-03-30 19:40:11 -0700 |
| commit | f50d9ead3ac0cfc047b5fa1e141ea16f720fcc13 (patch) | |
| tree | 2969cf198f2fb7c0c3fc7bbeb4304fc5f805c5fa | |
| parent | mailmain: Fix SELint issues. (diff) | |
| download | hardened-refpolicy-f50d9ead3ac0cfc047b5fa1e141ea16f720fcc13.tar.gz hardened-refpolicy-f50d9ead3ac0cfc047b5fa1e141ea16f720fcc13.tar.bz2 hardened-refpolicy-f50d9ead3ac0cfc047b5fa1e141ea16f720fcc13.zip | |
systemd.te: Added boolean for allowing dhcpd server packets.
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
| -rw-r--r-- | policy/modules/system/systemd.te | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index d02e7edd5..cd120829a 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -14,6 +14,13 @@ gen_tunable(systemd_tmpfiles_manage_all, false) ## <desc> ## <p> +## Allow systemd-networkd to run its DHCPd server component +## </p> +## </desc> +gen_tunable(systemd_networkd_dhcp_server, false) + +## <desc> +## <p> ## Allow systemd-nspawn to create a labelled namespace with the same types ## as parent environment ## </p> @@ -1090,6 +1097,11 @@ sysnet_read_config(systemd_networkd_t) systemd_log_parse_environment(systemd_networkd_t) +tunable_policy(`systemd_networkd_dhcp_server',` + corenet_sendrecv_dhcpd_server_packets(systemd_networkd_t) + corenet_udp_bind_dhcpd_port(systemd_networkd_t) +') + optional_policy(` dbus_system_bus_client(systemd_networkd_t) dbus_connect_system_bus(systemd_networkd_t) |