diff options
-rw-r--r-- | recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch b/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch index 50e3c641f87..a4084d72f48 100644 --- a/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch +++ b/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch @@ -49,15 +49,18 @@ diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 19a7a20..cefa59d 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te -@@ -1105,3 +1105,8 @@ allow init_t self:capability2 audit_read; +@@ -1105,3 +1105,11 @@ allow init_t self:capability2 audit_read; allow initrc_t init_t:system { start status reboot }; allow initrc_t init_var_run_t:service { start status }; + +allow initrc_t init_var_run_t:service stop; -+allow initrc_t init_t:dbus send_msg; ++init_dbus_chat(initrc_t) + -+allow init_t initrc_t:dbus { send_msg acquire_svc }; ++gen_require(` ++ class dbus acquire_svc; ++') ++allow init_t initrc_t:dbus { acquire_svc }; diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te index 09ec33f..be25c82 100644 --- a/policy/modules/system/locallogin.te |