From: dominick.grift@gmail.com (Dominick Grift)
Date: Tue, 14 Jan 2014 11:12:02 +0100
Subject: [refpolicy] systemd policy
In-Reply-To: <3417214.hAyNvCIVsu@russell.coker.com.au>
References: <5992094.YlEUt0BCZP@russell.coker.com.au>
	<5347508.kSSh66cgIv@russell.coker.com.au> <52D401D3.5040900@redhat.com>
	<3417214.hAyNvCIVsu@russell.coker.com.au>
Message-ID: <1389694322.28251.19.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2014-01-14 at 10:37 +1100, Russell Coker wrote:
> --- a/policy/flask/access_vectors
> +++ b/policy/flask/access_vectors
> @@ -389,10 +389,14 @@
>  class system
>  {
>         ipc_info
> -       syslog_read  
> +       syslog_read
>         syslog_mod
>         syslog_console
>         module_request
> +       halt
> +       reboot
> +       status
> +       undefined
>  }
>  

I am not sure if these should be added but i might be wrong

These seem like systemd OM av permissions
system is kernel OM security class

Not sure whether, if my assumptions are correct, it makes sense to add
user space av permissions to kernel security classes