Merge branch 'factory-bsc1230315' into 'factory'
Initial policy for udev-trigger-generator (bsc#1230315)

See merge request selinux/selinux-policy!106
ca-hu committed Sep 12, 2024
2 parents e85cc21 + 9ed0b18 commit aeb3f39
Showing 2 changed files with 16 additions and 0 deletions.
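--- a/policy/modules/system/systemd.fc
+++ b/policy/modules/system/systemd.fc
@@ -92,6 +92,7 @@ HOME_DIR/\.config/systemd/user(/.*)? gen_context(system_u:object_r:systemd_unit
 /usr/lib/systemd/system-generators/status-mail-generator.sh -- gen_context(system_u:object_r:systemd_status_mail_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-sysv-generator -- gen_context(system_u:object_r:systemd_sysv_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-tpm2-generator -- gen_context(system_u:object_r:systemd_tpm2_generator_exec_t,s0)
+/usr/lib/systemd/system-generators/udev-trigger-generator -- gen_context(system_u:object_r:systemd_udev_trigger_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/zram-generator -- gen_context(system_u:object_r:systemd_zram_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/.+ -- gen_context(system_u:object_r:systemd_generic_generator_exec_t,s0)
 /usr/lib/systemd/zram-generator.conf -- gen_context(system_u:object_r:systemd_zram_generator_conf_t,s0)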
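--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -221,6 +221,8 @@ systemd_generator_template(systemd_ssh_generator)
 systemd_generator_template(systemd_sysv_generator)
 # tpm2-generator
 systemd_generator_template(systemd_tpm2_generator)
+# udev-trigger-generator
+systemd_generator_template(systemd_udev_trigger_generator)
 # zram-generator
 systemd_generator_template(systemd_zram_generator)
 type systemd_zram_generator_conf_t;
@@ -1455,6 +1457,19 @@ init_read_script_files(systemd_sysv_generator_t)
 ### tpm2 generator
 dev_list_sysfs(systemd_tpm2_generator_t)
 
+### udev trigger generator
+corecmd_exec_bin(systemd_udev_trigger_generator_t)
+
+dev_list_sysfs(systemd_udev_trigger_generator_t)
+dev_read_sysfs(systemd_udev_trigger_generator_t)
+
+optional_policy(`
+# ignore #!/bin/bash reading passwd file
+auth_dontaudit_read_passwd_file(systemd_udev_trigger_generator_t)
+')
+
+permissive systemd_udev_trigger_generator_t;
+
 ### zram generator
 allow systemd_zram_generator_t systemd_fstab_generator_unit_file_t:file write_file_perms;
 permissive systemd_zram_generator_t;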
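Review bot: The `permissive systemd_udev_trigger_generator_t;` line that closes the new "udev trigger generator" block in the second hunk means the allow rules above it do not yet confine anything: denials in this domain are only logged, not enforced. Systemd generators run with the service manager's privileges early in boot, and the block's own comment indicates this one is a bash script, so the permissive state should be visibly temporary. I would add a comment directly above the line, for example `# permissive until AVC denials are collected and the rule set is complete (bsc#1230315)`. The zram generator block in the trailing context carries the same uncommented `permissive` statement, so a shared convention for when these are removed would help reviewers track which generator domains are actually enforced.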
