Systemd needs to impersonate cups, which means it needs to create tcp_sockets in...

author Dan Walsh <dwalsh@redhat.com>

Wed, 13 Jul 2011 15:25:02 +0000 (11:25 -0400)

committer Dan Walsh <dwalsh@redhat.com>

Wed, 13 Jul 2011 15:25:02 +0000 (11:25 -0400)
author Dan Walsh <dwalsh@redhat.com>
Wed, 13 Jul 2011 15:25:02 +0000 (11:25 -0400)
committer Dan Walsh <dwalsh@redhat.com>
Wed, 13 Jul 2011 15:25:02 +0000 (11:25 -0400)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if

index 2ae760f1f7b24aa97dd51c00150878e8786b8b0f..99fe8d14d022dea0059a29489b0349a5afb3b192 100644 (file)
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -259,6 +259,7 @@ interface(`init_daemon_domain',`
         tunable_policy(`init_systemd',`
                 allow init_t $1:unix_stream_socket create_stream_socket_perms;
                 allow init_t $1:unix_dgram_socket create_socket_perms;
+               allow init_t $1:tcp_socket create_stream_socket_perms;
                 allow $1 init_t:unix_dgram_socket sendto;
                 dontaudit $1 init_t:unix_stream_socket { read ioctl getattr };
         ')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te

index e30550a346d3102dc2254068dd41e2d866b82ebd..3e121544c86349b9da385563d3521a52dd4252ac 100644 (file)
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -997,6 +997,7 @@ optional_policy(`
         lpd_list_spool(initrc_t)
  
         lpd_read_config(initrc_t)
+       lpd_manage_spool(init_t)
  ')
  
  optional_policy(`
author	Dan Walsh <dwalsh@redhat.com>
	Wed, 13 Jul 2011 15:25:02 +0000 (11:25 -0400)
committer	Dan Walsh <dwalsh@redhat.com>
	Wed, 13 Jul 2011 15:25:02 +0000 (11:25 -0400)
policy/modules/system/init.if		patch \| blob \| blame \| history
policy/modules/system/init.te		patch \| blob \| blame \| history