From: bigon@debian.org (Laurent Bigonville)
Date: Sat,  5 Jul 2014 15:59:54 +0200
Subject: [refpolicy] systemd security class and AV's
Message-ID: <1404568795-13434-1-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

This is probably a fist step to have systemd support in the policy.

The following patch is adding the security class and the AV's needed for
systemd.

The list of AV's has been built by grepping the systemd code for the calls to
selinux_unit_access_check() and selinux_access_check() macro but is a bit
different of what Fedora/RHEL have in their own policy and documentation.

For example, Fedora/RHEL have 2 extra AV (kill and load) in the service class
while I cannot find anything in the code. On the other hand, they seems to miss
the start and stop AV in the system class.

Did I overlooked something or is there a bug in that regard in the Fedora/RHEL
policy and documentation?

Cheers,

Laurent Bigonville