From: dominick.grift@gmail.com (Dominick Grift)
Date: Tue, 14 Jan 2014 11:12:02 +0100
Subject: [refpolicy] systemd policy
In-Reply-To: <3417214.hAyNvCIVsu@russell.coker.com.au>
References: <5992094.YlEUt0BCZP@russell.coker.com.au> <5347508.kSSh66cgIv@russell.coker.com.au> <52D401D3.5040900@redhat.com> <3417214.hAyNvCIVsu@russell.coker.com.au>
Message-ID: <1389694322.28251.19.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2014-01-14 at 10:37 +1100, Russell Coker wrote:
> --- a/policy/flask/access_vectors > +++ b/policy/flask/access_vectors > @@ -389,10 +389,14 @@ > class system > { > ipc_info > - syslog_read > + syslog_read > syslog_mod > syslog_console > module_request > + halt > + reboot > + status > + undefined > } >

I am not sure if these should be added, but I might be wrong.

These seem like systemd OM av permissions.
system is kernel OM security class.

Not sure whether, if my assumptions are correct, it makes sense to add user space av permissions to kernel security classes.
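Review bot: the four permissions added to class system in the quoted hunk (halt, reboot, status, undefined) come with no comment saying which component checks them, and `undefined` in particular does not say what operation it is meant to cover. Please add a comment above the new entries naming the enforcing object manager and describing each permission, so a policy writer can tell them apart from the existing ipc_info, syslog_* and module_request entries. Separately, the `- syslog_read` / `+ syslog_read` pair removes and re-adds the same name; if that is a whitespace-only change it should be dropped from this patch or sent on its own, so the hunk contains only the new permissions.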