From: jwcart2@tycho.nsa.gov (James Carter) Date: Wed, 11 Apr 2018 14:55:22 -0400 Subject: [refpolicy] [PATCH 5/8] Move use of systemd_unit_t from systemd.fc to init.fc In-Reply-To: <20180411185525.23486-1-jwcart2@tycho.nsa.gov> References: <20180411185525.23486-1-jwcart2@tycho.nsa.gov> Message-ID: <20180411185525.23486-6-jwcart2@tycho.nsa.gov> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The type systemd_unit_t is actually declared in init.te. Moved the file contexts to label transient systemd files with the systemd_unit_t type from systemd.fc to init.fc. Signed-off-by: James Carter --- policy/modules/system/init.fc | 1 + policy/modules/system/systemd.fc | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index 71d2ef21..11a6ce93 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -34,6 +34,7 @@ ifdef(`distro_gentoo',` /usr/lib/systemd/user-preset(/.*)? gen_context(system_u:object_r:systemd_unit_t,s0) /usr/lib/systemd/ntp-units\.d -d gen_context(system_u:object_r:systemd_unit_t,s0) /usr/lib/systemd/system(/.*)? gen_context(system_u:object_r:systemd_unit_t,s0) +/run/systemd/transient(/.*)? gen_context(system_u:object_r:systemd_unit_t,s0) /usr/libexec/dcc/start-.* -- gen_context(system_u:object_r:initrc_exec_t,s0) /usr/libexec/dcc/stop-.* -- gen_context(system_u:object_r:initrc_exec_t,s0) diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc index 183e0939..f8812453 100644 --- a/policy/modules/system/systemd.fc +++ b/policy/modules/system/systemd.fc 
@@ -49,7 +49,6 @@ /run/systemd/resolve(/.*)? gen_context(system_u:object_r:systemd_resolved_var_run_t,s0) /run/systemd/seats(/.*)? gen_context(system_u:object_r:systemd_sessions_var_run_t,s0) /run/systemd/sessions(/.*)? gen_context(system_u:object_r:systemd_sessions_var_run_t,s0) -/run/systemd/transient(/.*)? gen_context(system_u:object_r:systemd_unit_t,s0) /run/systemd/users(/.*)? gen_context(system_u:object_r:systemd_logind_var_run_t,s0) /run/systemd/inhibit(/.*)? gen_context(system_u:object_r:systemd_logind_inhibit_var_run_t,s0) /run/systemd/nspawn(/.*)? gen_context(system_u:object_r:systemd_nspawn_var_run_t,s0) -- 2.13.6
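Review bot: In the init.fc hunk the new `/run/systemd/transient(/.*)?` entry is placed between `/usr/lib/systemd/system(/.*)?` and `/usr/libexec/dcc/start-.*`, so a /run path lands in the middle of /usr entries. If init.fc keeps its runtime paths together elsewhere, the line would be easier to find there. The hunk header also shows `ifdef(`distro_gentoo',`` as the nearest preceding context, so it is worth confirming that the added line sits outside that distro-specific block; otherwise the label would only apply on Gentoo builds, whereas the entry removed from systemd.fc shows no such guard in its hunk.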
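Review bot: The systemd.fc hunk removes the `/run/systemd/transient(/.*)?` entry, and the commit message explains the move by the declaration of systemd_unit_t in init.te but does not state that labeling is unchanged. The pattern and context added in init.fc are identical to the removed line, so a sentence in the commit message saying that the built file_contexts is the same before and after would document this as a pure move. It would also help to mention whether systemd.fc still references systemd_unit_t anywhere else, since only this one entry is visible in the hunk.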