systemd: appropriately label /run/log/systemd as systemd_log_t

systemd stores some early boot log files here, such as the userspace measurement event log for TPMs. The logfiles stored here aren't sensitive enough to warrant their own type, so let's just reuse systemd_log_t. Signed-off-by: Rahul Sandhu <[email protected]>
SELinuxProject · Dec 12, 2024 · 8d1a59f · 8d1a59f
1 parent 63f0c51
commit 8d1a59f
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
@@ -4,6 +4,7 @@
 /etc/udev/hwdb\.bin			--	gen_context(system_u:object_r:systemd_hwdb_t,s0)
 
 /run/log/journal(/.*)?				gen_context(system_u:object_r:systemd_journal_t,s0)
+/run/log/systemd(/.*)?				gen_context(system_u:object_r:systemd_log_t,s0)
 
 /usr/bin/journalctl				--	gen_context(system_u:object_r:systemd_journalctl_exec_t,s0)
 /usr/bin/systemd-analyze		--	gen_context(system_u:object_r:systemd_analyze_exec_t,s0)