commit: b68e3d24a8c066ede243cb178f85c4446fc1d13f
Author: Krzysztof Nowicki <krissn <AT> op <DOT> pl>
AuthorDate: Thu Aug 13 19:30:13 2020 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb 15 19:49:24 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b68e3d24
Fix systemd-journal-flush service
This service executes journalctl, which needs access to the journald
socket.
Signed-off-by: Krzysztof Nowicki <krissn <AT> op.pl>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/init.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index f711e535..64cddd70 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1061,6 +1061,7 @@ ifdef(`init_systemd',`
logging_manage_audit_config(initrc_t)
# journalctl:
logging_watch_runtime_dirs(initrc_t)
+ logging_manage_runtime_sockets(initrc_t)
# lvm2-activation-generator checks file labels
seutil_read_file_contexts(initrc_t)
