Allow udev to read systemd_login var_run files

diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 9cc3fb6195ffdc5cc9bc387094fbf6b8e95522e6..94c26639674c321b192c0ceeb6b5bdd31804544f 100644 (file)
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -108,6 +108,25 @@ interface(`systemd_dontaudit_read_unit_files',`
         dontaudit $1 systemd_unit_file_type:file read_file_perms;
 ')
 
+######################################
+## <summary>
+##     Read systemd_login PID files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`systemd_login_read_pid_files',`
+       gen_require(`
+               type systemd_login_var_run_t;
+       ')
+
+       files_search_pids($1)
+       read_files_pattern($1, systemd_login_var_run_t, systemd_login_var_run_t)
+')
+
 ######################################
 ## <summary>
 ##     Use and and inherited systemd

diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index ca207d708f7c5bc56ea8a5812f2c0a77121172b9..73c1dbc6936420a3a1a0ce910783847df14d51c7 100644 (file)
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -183,6 +183,8 @@ sysnet_signal_dhcpc(udev_t)
 sysnet_manage_config(udev_t)
 sysnet_etc_filetrans_config(udev_t)
 
+systemd_login_read_pid_files(udev_t)
+
 userdom_dontaudit_search_user_home_content(udev_t)
 
 ifdef(`distro_gentoo',`