[refpolicy] systemd policy

Russell Coker russell at coker.com.au
Sun Jan 12 02:06:18 EST 2014


The below was in the Debian policy tree, it was ported from Fedora policy in 
2012.  What happened to this?  Is it needed for systemd?  It doesn't seem to 
be in the git repository, has someone devised another way of doing this?

Index: refpolicy-2.20110726/policy/flask/security_classes
===================================================================
--- refpolicy-2.20110726.orig/policy/flask/security_classes     2012-06-30 
12:31:47.440239041 +1000
+++ refpolicy-2.20110726/policy/flask/security_classes  2012-06-30 
12:32:00.236479159 +1000
@@ -131,4 +131,11 @@
 class db_sequence              # userspace
 class db_language              # userspace

+# systemd services
+class service
+
+# gssd services
+class proxy
+
+
 # FLASK
Index: refpolicy-2.20110726/policy/flask/access_vectors
===================================================================
--- refpolicy-2.20110726.orig/policy/flask/access_vectors       2012-06-30 
12:31:47.440239041 +1000
+++ refpolicy-2.20110726/policy/flask/access_vectors    2012-06-30 
12:32:00.236479159 +1000
@@ -393,6 +393,10 @@
        syslog_mod
        syslog_console
        module_request
+       halt
+       reboot
+       status
+       undefined
 }

 #
@@ -862,3 +866,20 @@
        implement
        execute
 }
+
+class service
+{
+       start
+       stop
+       status
+       reload
+       kill
+       load
+       enable
+       disable
+}
+
+class proxy
+{
+       read
+}

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/



More information about the refpolicy mailing list