Return-Path: <SRS0=O2xr=PQ=vger.kernel.org=selinux-refpolicy-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS,
	USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A9633C43387
	for <selinux-refpolicy@archiver.kernel.org>; Tue,  8 Jan 2019 11:41:58 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 786AE2087E
	for <selinux-refpolicy@archiver.kernel.org>; Tue,  8 Jan 2019 11:41:58 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b="TjD6c1XU"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728186AbfAHLl6 (ORCPT
        <rfc822;selinux-refpolicy@archiver.kernel.org>);
        Tue, 8 Jan 2019 06:41:58 -0500
Received: from smtp.sws.net.au ([46.4.88.250]:38190 "EHLO smtp.sws.net.au"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727107AbfAHLl6 (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Tue, 8 Jan 2019 06:41:58 -0500
Received: from xev.coker.com.au (localhost [127.0.0.1])
        by smtp.sws.net.au (Postfix) with ESMTP id 15EEEF63D
        for <selinux-refpolicy@vger.kernel.org>; Tue,  8 Jan 2019 22:41:56 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au;
        s=2008; t=1546947716;
        bh=Mp5p8Rc7IzFNDNKTBNrqzUcQkMjBowqGjpBiyCToNzo=; l=1474;
        h=Date:From:To:Subject:From;
        b=TjD6c1XUz+/hE/ut0ITdvzDd1NEw+Qjn3tr6py7iJ1sb2MSKncLNgXodYUsIiI/cy
         66TCFSbyt0FzkliDlroieusf2zjPdRz9ykhEv2EYcUVRdkQy450rU5KY6tFAI9g2+B
         uz3inJ6O9gg9rOwoTXdI67+u0TRzrW7hQHqVfKOQ=
Received: by xev.coker.com.au (Postfix, from userid 1001)
        id 0EBE1C40615; Tue,  8 Jan 2019 22:41:51 +1100 (AEDT)
Date:   Tue, 8 Jan 2019 22:41:51 +1100
From:   Russell Coker <russell@coker.com.au>
To:     selinux-refpolicy@vger.kernel.org
Subject: [PATCH] /run/systemd/units/ links
Message-ID: <20190108114151.GA416@xev>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: selinux-refpolicy-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

This allows systemd-journald to read /run/systemd/units/ link files.

Index: refpolicy-2.20180701/policy/modules/system/logging.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/system/logging.te
+++ refpolicy-2.20180701/policy/modules/system/logging.te
@@ -547,6 +547,7 @@ ifdef(`init_systemd',`
 	init_create_pid_dirs(syslogd_t)
 	init_daemon_pid_file(syslogd_var_run_t, dir, "syslogd")
 	init_getattr(syslogd_t)
+	init_read_run_links(syslogd_t)
 	init_rename_pid_files(syslogd_t)
 	init_delete_pid_files(syslogd_t)
 	init_dgram_send(syslogd_t)
Index: refpolicy-2.20180701/policy/modules/system/init.if
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/system/init.if
+++ refpolicy-2.20180701/policy/modules/system/init.if
@@ -894,6 +894,26 @@ interface(`init_dgram_send',`
 
 ########################################
 ## <summary>
+##	read init /run link files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`init_read_run_links',`
+	gen_require(`
+		type init_var_run_t;
+	')
+
+	files_search_pids($1)
+	allow $1 init_var_run_t:lnk_file read_lnk_file_perms;
+')
+
+########################################
+## <summary>
 ##	Read and write to inherited init unix streams.
 ## </summary>
 ## <param name="domain">