commit: b68e3d24a8c066ede243cb178f85c4446fc1d13f Author: Krzysztof Nowicki <krissn <AT> op <DOT> pl> AuthorDate: Thu Aug 13 19:30:13 2020 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Mon Feb 15 19:49:24 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b68e3d24
Fix systemd-journal-flush service This service executes journalctl, which needs access to the journald socket. Signed-off-by: Krzysztof Nowicki <krissn <AT> op.pl> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/system/init.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index f711e535..64cddd70 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -1061,6 +1061,7 @@ ifdef(`init_systemd',` logging_manage_audit_config(initrc_t) # journalctl: logging_watch_runtime_dirs(initrc_t) + logging_manage_runtime_sockets(initrc_t) # lvm2-activation-generator checks file labels seutil_read_file_contexts(initrc_t)