diff options
| author |   Kenton Groombridge <concord@gentoo.org> | 2024-01-12 20:48:16 -0500 |
|---|---|---|
| committer | Kenton Groombridge <concord@gentoo.org> | 2024-03-01 12:04:51 -0500 |
| commit | b2e8c4d0382d94c6f210db1bbe2e6bcfa7dd9ea7 (patch) | |
| tree | 4348751674eb7f62a9b3d97e3913e93e28010e70 | |
| parent | rpc: fix not labeling exports.d directory (diff) | |
| download | hardened-refpolicy-b2e8c4d0382d94c6f210db1bbe2e6bcfa7dd9ea7.tar.gz hardened-refpolicy-b2e8c4d0382d94c6f210db1bbe2e6bcfa7dd9ea7.tar.bz2 hardened-refpolicy-b2e8c4d0382d94c6f210db1bbe2e6bcfa7dd9ea7.zip | |
dbus: allow the system bus to get the status of generic units
dbus-broker checks the status of systemd-logind.
type=USER_AVC msg=audit(1705109503.237:123): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=n/a uid=0 gid=101 path="/usr/lib /systemd/system/systemd-logind.service" cmdline="/usr/bin/dbus-broker-launch --scope system --audit" function="reply_unit_path" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:systemd_unit_t:s0 tclass=service permissive=1 exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
| -rw-r--r-- | policy/modules/services/dbus.te | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te index 9ccd8a42..80c81588 100644 --- a/policy/modules/services/dbus.te +++ b/policy/modules/services/dbus.te @@ -214,6 +214,9 @@ ifdef(`init_systemd', ` init_start_system(system_dbusd_t) # needed by dbus-broker + # dbus-broker checks the status of systemd-logind + init_get_generic_units_status(system_dbusd_t) + # for system dbus daemon to start/stop units init_start_all_units(system_dbusd_t) init_stop_all_units(system_dbusd_t) |