Re: [PATCH] strict policy patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




===================================================================
--- refpolicy-2.20210908.orig/policy/modules/system/systemd.te
+++ refpolicy-2.20210908/policy/modules/system/systemd.te
@@ -65,10 +65,6 @@ type systemd_activate_t;
  type systemd_activate_exec_t;
  init_system_domain(systemd_activate_t, systemd_activate_exec_t)
-type systemd_analyze_t;
-type systemd_analyze_exec_t;
-init_daemon_domain(systemd_analyze_t, systemd_analyze_exec_t)
-
  type systemd_backlight_t;
  type systemd_backlight_exec_t;
  init_system_domain(systemd_backlight_t, systemd_backlight_exec_t)

I proposed a similar change last year here and the consensus in the PR discussion was that it would make more sense to add policy for the systemd_analyze_t domain for cases that wanted a transition there, but keeping the general approach of running in the parent domain.

https://github.com/SELinuxProject/refpolicy/pull/321

Of course, no one has actually submitted systemd_analyze_t policy yet, so maybe the demand for such a use case isn't all that high?

-Daniel



[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux