-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I guess we can add something like the attached, and then implement systemd checks on these. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4gdHEACgkQrlYvE4MpobOg3gCfU23GCTQuktksXCu6j2mGdnh0 TRUAnRRo34V3/OIxe+ikn7mFrI3sLy38 =gJiT -----END PGP SIGNATURE-----
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index bf24160..468e0fd 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -862,3 +862,12 @@ inherits database
implement
execute
}
+
+class service
+{
+ start
+ stop
+ status
+ reload
+ kill
+}
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 14a4799..067ecfc 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -131,4 +131,8 @@ class db_view # userspace
class db_sequence # userspace
class db_language # userspace
+# systemd services
+class service
+
+
# FLASK
Attachment:
service.diff.sig
Description: PGP signature
