diff options
author | Kenton Groombridge <concord@gentoo.org> | 2024-05-15 10:56:17 -0400 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2024-09-21 15:28:29 -0700 |
commit | cbd200aa09f21b4f5511837dc0992bf7495c6bfe (patch) | |
tree | 90786f09a54fe74265a4965becc7d72cd11802b5 /policy | |
parent | tests.yml: Add policy diff on PRs. (diff) | |
download | hardened-refpolicy-cbd200aa09f21b4f5511837dc0992bf7495c6bfe.tar.gz hardened-refpolicy-cbd200aa09f21b4f5511837dc0992bf7495c6bfe.tar.bz2 hardened-refpolicy-cbd200aa09f21b4f5511837dc0992bf7495c6bfe.zip |
systemd: allow systemd-logind to use sshd pidfds
This is to avoid a long timeout in pam_systemd when logging on. This is
the second half of the fix described in
ddc6ac493cef7bb64c3d1904b2c660f61b931f59.
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy')
-rw-r--r-- | policy/modules/system/systemd.te | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 3f3f4f1b..ecb248a8 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -1063,6 +1063,12 @@ ifdef(`distro_redhat',` userdom_user_runtime_root_filetrans_user_runtime(systemd_logind_t, dir) ') +ifdef(`init_systemd',` + optional_policy(` + ssh_use_sshd_pidfds(systemd_logind_t) + ') +') + tunable_policy(`systemd_logind_get_bootloader',` fs_getattr_dos_fs(systemd_logind_t) fs_list_dos(systemd_logind_t) |