[refpolicy] systemd policy

Dominick Grift dominick.grift at gmail.com
Tue Jan 14 05:12:02 EST 2014


On Tue, 2014-01-14 at 10:37 +1100, Russell Coker wrote:
> --- a/policy/flask/access_vectors
> +++ b/policy/flask/access_vectors
> @@ -389,10 +389,14 @@
>  class system
>  {
>         ipc_info
> -       syslog_read  
> +       syslog_read
>         syslog_mod
>         syslog_console
>         module_request
> +       halt
> +       reboot
> +       status
> +       undefined
>  }
>  

I am not sure if these should be added but i might be wrong

These seem like systemd OM av permissions
system is kernel OM security class

Not sure whether, if my assumptions are correct, it makes sense to add
user space av permissions to kernel security classes






More information about the refpolicy mailing list