commit:     1958d08d70d801a23e7ef15a8b3b0857b6c79946
Author:     Daniel Burgener <Daniel.Burgener <AT> microsoft <DOT> com>
AuthorDate: Wed Nov 11 21:14:43 2020 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Nov 28 22:55:41 2020 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1958d08d

Allow init to mount over the system bus

In portable profiles, systemd bind mounts the system bus into process
namespaces

Signed-off-by: Daniel Burgener <Daniel.Burgener <AT> microsoft.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/services/dbus.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index f123c6d9..86e79b76 100644
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@@ -50,6 +50,7 @@ init_named_socket_activation(system_dbusd_t, 
system_dbusd_runtime_t)
 type system_dbusd_runtime_t alias system_dbusd_var_run_t;
 files_runtime_file(system_dbusd_runtime_t)
 init_daemon_runtime_file(system_dbusd_runtime_t, dir, "dbus")
+init_mountpoint(system_dbusd_runtime_t)
 
 type system_dbusd_tmp_t;
 files_tmp_file(system_dbusd_tmp_t)
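Review bot: The added `init_mountpoint(system_dbusd_runtime_t)` line carries no comment explaining why init may mount over D-Bus runtime objects, and it applies unconditionally to every object labelled with that type. A comment above it such as `# systemd portable profiles bind mount the system bus into service namespaces` would keep the reason next to the rule. Because only systemd needs this, consider placing the call inside the policy's `init_systemd` conditional so that non-systemd builds do not get the extra mounton permission, unless the interface already restricts itself that way, which this hunk does not show. It is also worth confirming that the interface covers the object class actually mounted over: if the bind mount targets the bus socket rather than the `dbus` directory, a rule limited to directories and regular files would not match it.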
