From: Dan Walsh Date: Wed, 13 Jul 2011 15:25:02 +0000 (-0400) Subject: Systemd needs to impersonate cups, which means it needs to create tcp_sockets in... X-Git-Tag: 000~721 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2f0420e9d0132ad89d18e6846adef9fcc605b2c2;p=people%2Fstevee%2Fselinux-policy.git Systemd needs to impersonate cups, which means it needs to create tcp_sockets in cups_t domain, as well as manage spool directories --- diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 2ae760f1..99fe8d14 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -259,6 +259,7 @@ interface(`init_daemon_domain',` tunable_policy(`init_systemd',` allow init_t $1:unix_stream_socket create_stream_socket_perms; allow init_t $1:unix_dgram_socket create_socket_perms; + allow init_t $1:tcp_socket create_stream_socket_perms; allow $1 init_t:unix_dgram_socket sendto; dontaudit $1 init_t:unix_stream_socket { read ioctl getattr }; ') diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index e30550a3..3e121544 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -997,6 +997,7 @@ optional_policy(` lpd_list_spool(initrc_t) lpd_read_config(initrc_t) + lpd_manage_spool(init_t) ') optional_policy(`
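Review bot: In the init.if hunk, the new `allow init_t $1:tcp_socket create_stream_socket_perms;` rule sits inside `init_daemon_domain`, so with `init_systemd` enabled it applies to every domain that calls that interface, not only the cups domain the commit message names. That lets init_t create and listen on TCP sockets labelled as any daemon domain. If only socket-activated services need this, consider moving the rule into a separate, narrower interface that those domains call explicitly. Otherwise, add a comment above the rule stating that the grant is intentionally global for systemd socket activation.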
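Review bot: In the init.te hunk, `lpd_manage_spool(init_t)` is not gated on `init_systemd` in the visible context, unlike the tcp_socket rule in init.if, so init_t would get manage access to the print spool even when systemd is not in use. It also grants to init_t next to two lines that grant the narrower list and read access to initrc_t, which makes the block easy to misread. Suggest placing the call under the `init_systemd` tunable, and adding a one-line comment explaining that systemd needs it to set up the spool directories on behalf of cups.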