From: russell@coker.com.au (Russell Coker) Date: Thu, 09 Feb 2017 12:34:10 +1100 Subject: [refpolicy] [PATCH] systemd core patch In-Reply-To: References: <11722027.yIq6mmZ5g1@russell.coker.com.au> Message-ID: <3002933.O5dVEifZcm@russell.coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wednesday, 8 February 2017 5:05:51 PM AEDT Chris PeBenito wrote: > On 02/06/17 22:40, Russell Coker via refpolicy wrote: > > I've attached the main patch for systemd policy in Debian. Please > > consider it for merging. > > > > It's a large patch (which is why I had to compress it to fit the list > > limits for attachment size). If you don't like some sections could you > > merge the others? > > Yes, I'll do that. Do you have a summary of the changes? Added systemd_notify_t domain and all necessary policy. Added policy for systemd_backlight_t, systemd_cgroups_t, systemd_hostnamed_t, systemd_locale_t, systemd_sessions_t Added quite a bit of policy for systemd_tmpfiles_t which is mostly to allow it to work in a normal configuration without being able to modify everything on the system. Added lots of policy for systemd_coredump_t, systemd_machined_t, systemd_nspawn_t, and systemd_passwd_agent_t. These were essentially stub domains before. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/