From 6eecf51716db01ad6b98cf83d1ab2b1a41291787 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sat, 7 Oct 2023 10:33:31 +0800 Subject: [PATCH] systemd: use init_daemon_domain instead of init_system_domain for systemd-networkd and systemd-resolved Systemd-networkd and systemd-resolved are daemons. Fixes: avc: denied { write } for pid=277 comm="systemd-resolve" name="notify" dev="tmpfs" ino=31 scontext=system_u:system_r:systemd_resolved_t tcontext=system_u:object_r:systemd_runtime_notify_t tclass=sock_file permissive=1 avc: denied { write } for pid=324 comm="systemd-network" name="notify" dev="tmpfs" ino=31 scontext=system_u:system_r:systemd_networkd_t tcontext=system_u:object_r:systemd_runtime_notify_t tclass=sock_file permissive=1 Signed-off-by: Yi Zhao
---
 policy/modules/system/systemd.te | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index e24e7869c0..875370749b 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -195,7 +195,7 @@ init_daemon_domain(systemd_modules_load_t, systemd_modules_load_exec_t)
 type systemd_networkd_t;
 type systemd_networkd_exec_t;
-init_system_domain(systemd_networkd_t, systemd_networkd_exec_t)
+init_daemon_domain(systemd_networkd_t, systemd_networkd_exec_t)
 type systemd_networkd_runtime_t alias systemd_networkd_var_run_t;
 files_runtime_file(systemd_networkd_runtime_t)
@@ -231,7 +231,7 @@ files_type(systemd_pstore_var_lib_t)
 type systemd_resolved_t;
 type systemd_resolved_exec_t;
-init_system_domain(systemd_resolved_t, systemd_resolved_exec_t)
+init_daemon_domain(systemd_resolved_t, systemd_resolved_exec_t)
 type systemd_resolved_runtime_t alias systemd_resolved_var_run_t;
 files_runtime_file(systemd_resolved_runtime_t)
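Review bot: Replacing `init_system_domain` with `init_daemon_domain` for `systemd_networkd_t` (and for `systemd_resolved_t` in the second hunk) probably grants more than the single `sock_file` `write` on `systemd_runtime_notify_t` shown in the two quoted denials, assuming the daemon macro attaches the policy-wide daemon attribute as it does in the reference policy; the macro definitions are outside this diff. Both domains handle network input, so it is worth confirming with a policy query which additional allow rules each type gains, and recording the reason next to each call, e.g. `# daemon domain: needs write on the systemd notify socket (systemd_runtime_notify_t)`. Both denials were logged with `permissive=1`, so the change should also be re-tested in enforcing mode to confirm that no further denials remain.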