commit: f99e9784118da0cf0ce9c12d9af85d3614a3d6cc Author: Krzysztof Nowicki <krissn <AT> op <DOT> pl> AuthorDate: Thu Feb 4 15:55:09 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Mon Feb 15 19:49:24 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f99e9784
Allow systemd-tmpfilesd to access nsswitch information Fixes io.systemd.DynamicUser denials. Signed-off-by: Krzysztof Nowicki <krissn <AT> op.pl> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/system/systemd.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 2b50638b..74ac00cc 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -1352,6 +1352,8 @@ auth_relabel_lastlog(systemd_tmpfiles_t) auth_relabel_login_records(systemd_tmpfiles_t) auth_setattr_login_records(systemd_tmpfiles_t) +auth_use_nsswitch(systemd_tmpfiles_t) + init_manage_utmp(systemd_tmpfiles_t) init_manage_var_lib_files(systemd_tmpfiles_t) # for /proc/1/environ