systemd: allow systemd-logind to use sshd pidfds

This is to avoid a long timeout in pam_systemd when logging on. This is the second half of the fix described in ddc6ac493cef7bb64c3d1904b2c660f61b931f59. Signed-off-by: Kenton Groombridge <concord@gentoo.org> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Kenton Groombridge <concord@gentoo.org> 2024-05-15 10:56:17 -0400
committer: Jason Zaman <perfinion@gentoo.org> 2024-09-21 15:28:29 -0700
commit: cbd200aa09f21b4f5511837dc0992bf7495c6bfe (patch)
tree: 90786f09a54fe74265a4965becc7d72cd11802b5 /policy
parent: tests.yml: Add policy diff on PRs. (diff)
download: hardened-refpolicy-cbd200aa09f21b4f5511837dc0992bf7495c6bfe.tar.gz
hardened-refpolicy-cbd200aa09f21b4f5511837dc0992bf7495c6bfe.tar.bz2
hardened-refpolicy-cbd200aa09f21b4f5511837dc0992bf7495c6bfe.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 3f3f4f1b..ecb248a8 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1063,6 +1063,12 @@ ifdef(`distro_redhat',`
 	userdom_user_runtime_root_filetrans_user_runtime(systemd_logind_t, dir)
 ')
 
+ifdef(`init_systemd',`
+	optional_policy(`
+		ssh_use_sshd_pidfds(systemd_logind_t)
+	')
+')
+
 tunable_policy(`systemd_logind_get_bootloader',`
 	fs_getattr_dos_fs(systemd_logind_t)
 	fs_list_dos(systemd_logind_t)
author	Kenton Groombridge <concord@gentoo.org>	2024-05-15 10:56:17 -0400
committer	Jason Zaman <perfinion@gentoo.org>	2024-09-21 15:28:29 -0700
commit	cbd200aa09f21b4f5511837dc0992bf7495c6bfe (patch)
tree	90786f09a54fe74265a4965becc7d72cd11802b5 /policy
parent	tests.yml: Add policy diff on PRs. (diff)
download	hardened-refpolicy-cbd200aa09f21b4f5511837dc0992bf7495c6bfe.tar.gz hardened-refpolicy-cbd200aa09f21b4f5511837dc0992bf7495c6bfe.tar.bz2 hardened-refpolicy-cbd200aa09f21b4f5511837dc0992bf7495c6bfe.zip