
Commit

systemd: use init_daemon_domain instead of init_system_domain for systemd-networkd and systemd-resolved

Systemd-networkd and systemd-resolved are daemons.

Fixes:
avc:  denied  { write } for  pid=277 comm="systemd-resolve"
name="notify" dev="tmpfs" ino=31
scontext=system_u:system_r:systemd_resolved_t
tcontext=system_u:object_r:systemd_runtime_notify_t tclass=sock_file
permissive=1

avc:  denied  { write } for  pid=324 comm="systemd-network"
name="notify" dev="tmpfs" ino=31
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:systemd_runtime_notify_t tclass=sock_file
permissive=1

Signed-off-by: Yi Zhao <[email protected]>
yizhao1 committed Oct 7, 2023
1 parent d542d53 commit 6eecf51
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions policy/modules/system/systemd.te
Expand Up @@ -195,7 +195,7 @@ init_daemon_domain(systemd_modules_load_t, systemd_modules_load_exec_t)

type systemd_networkd_t;
type systemd_networkd_exec_t;
init_system_domain(systemd_networkd_t, systemd_networkd_exec_t)
init_daemon_domain(systemd_networkd_t, systemd_networkd_exec_t)

type systemd_networkd_runtime_t alias systemd_networkd_var_run_t;
files_runtime_file(systemd_networkd_runtime_t)
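
Review bot: On the systemd_networkd_t declaration, the commit message justifies the macro swap with a single AVC (write on the systemd_runtime_notify_t sock_file), yet the change replaces init_system_domain with init_daemon_domain as a whole instead of adding that one permission. Please state in the commit message that the full daemon rule set is intended for systemd_networkd_t, or explain why a rule scoped to the notify socket was not used, so a later least-privilege audit of this domain has the rationale on record.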
Expand Down Expand Up @@ -231,7 +231,7 @@ files_type(systemd_pstore_var_lib_t)

type systemd_resolved_t;
type systemd_resolved_exec_t;
init_system_domain(systemd_resolved_t, systemd_resolved_exec_t)
init_daemon_domain(systemd_resolved_t, systemd_resolved_exec_t)

type systemd_resolved_runtime_t alias systemd_resolved_var_run_t;
files_runtime_file(systemd_resolved_runtime_t)
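
Review bot: On the systemd_resolved_t declaration, the denial quoted for comm="systemd-resolve" was logged with permissive=1, so it records what the daemon attempted and does not show that the daemon is unblocked in enforcing mode after this change. Suggest confirming with the updated policy loaded in enforcing mode that systemd-resolved starts and no avc: denied entries remain for scontext systemd_resolved_t, and noting that result in the commit message.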