From: David Sugar
To: "selinux-refpolicy@vger.kernel.org"
Subject: [PATCH 2/2] interface to enable/disable systemd_networkd service
Date: Sat, 17 Nov 2018 04:23:43 +0000
Message-ID: <20181117042305.23949-2-dsugar@tresys.com>
References: <20181117042305.23949-1-dsugar@tresys.com>
In-Reply-To: <20181117042305.23949-1-dsugar@tresys.com>
Signed-off-by: Dave Sugar --- policy/modules/system/systemd.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/system/systemd.if b/policy/modules/system/syste= md.if index 9247924b..74f0b215 100644 --- a/policy/modules/system/systemd.if +++ b/policy/modules/system/systemd.if @@ -467,6 +467,25 @@ interface(`systemd_manage_networkd_units',` manage_files_pattern($1, systemd_networkd_unit_t, systemd_networkd_unit_t= ) ') =20 +######################################## +## +## Allow specified domain to enable systemd-networkd units +## +## +## +## Domain allowed access. +## +## +# +interface(`systemd_enabledisable_networkd',` + gen_require(` + type systemd_networkd_unit_t; + class service { enable disable }; + ') + + allow $1 systemd_networkd_unit_t:service { enable disable }; +') + ######################################## ## ## Allow specified domain to start systemd-networkd units --=20 2.19.1
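Review bot: The summary comment for systemd_enabledisable_networkd says only "Allow specified domain to enable systemd-networkd units", but the rule below it grants both permissions: "allow $1 systemd_networkd_unit_t:service { enable disable };". Suggest rewording the summary to "Allow specified domain to enable and disable systemd-networkd units", matching the subject line and the interface name, so a policy author calling this interface can see from the documentation that the caller domain also gains the disable permission on the networkd unit.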