From: Laurent Bigonville
To: selinux-refpolicy@vger.kernel.org
Subject: [PATCH 09/10] Allow systemd_locale_t to talk to systemd notify socket
Date: Fri, 11 Oct 2019 14:24:15 +0200
Message-Id: <20191011122416.14651-9-bigon@debian.org>
In-Reply-To: <20191011122416.14651-1-bigon@debian.org>

From: Laurent Bigonville

----
time->Sun Oct 6 15:05:29 2019
type=AVC msg=audit(1570367129.524:673): avc: denied { write } for pid=9609 comm="systemd-localed" name="notify" dev="tmpfs" ino=18551 scontext=system_u:system_r:systemd_locale_t:s0 tcontext=system_u:object_r:init_runtime_t:s0 tclass=sock_file permissive=1

Signed-off-by: Laurent Bigonville
--- policy/modules/system/systemd.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 1422d8e2..3eeb8c64 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -395,6 +395,8 @@ kernel_read_kernel_sysctls(systemd_locale_t) files_read_etc_files(systemd_locale_t) +init_write_runtime_socket(systemd_locale_t) + seutil_read_file_contexts(systemd_locale_t) systemd_log_parse_environment(systemd_locale_t) -- 2.23.0
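
Review bot: the added init_write_runtime_socket(systemd_locale_t) line in the @@ -395,6 +395,8 @@ hunk is justified only by an AVC record captured with permissive=1, so the patch does not show that this one rule is sufficient once systemd_locale_t is enforcing. Please retest systemd-localed in enforcing mode and confirm that the write to the "notify" sock_file is the only access still denied on that path. Judging by the tcontext in the log, the rule applies to the type init_runtime_t rather than to the single socket named "notify", so it covers any sock_file carrying that label. The commit message body is the raw audit record alone; a sentence stating that the access is for the systemd notify socket, as the subject line does, would make the intent clear to later readers of the policy history.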