Allow systemd-tmpfiles to change user identity in object contexts

author Miroslav Grepl <mgrepl@redhat.com>

Mon, 5 Dec 2011 11:04:44 +0000 (12:04 +0100)

committer Miroslav Grepl <mgrepl@redhat.com>

Mon, 5 Dec 2011 11:04:44 +0000 (12:04 +0100)
author Miroslav Grepl <mgrepl@redhat.com>
Mon, 5 Dec 2011 11:04:44 +0000 (12:04 +0100)
committer Miroslav Grepl <mgrepl@redhat.com>
Mon, 5 Dec 2011 11:04:44 +0000 (12:04 +0100)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te

index d237d7af0a4e623ee6c65520fd9316a2fae67292..9e0812572e7a94fec67f3eedba4b72f3ecd46bb9 100644 (file)
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -199,6 +199,8 @@ files_delete_kernel_modules(systemd_tmpfiles_t)
  
  dev_write_kmsg(systemd_tmpfiles_t)
  
+domain_obj_id_change_exemption(systemd_tmpfiles_t)
+
  # systemd-tmpfiles relabel /run/lock and creates /run/lock/lockdev
  fs_manage_tmpfs_dirs(systemd_tmpfiles_t)
  fs_relabel_tmpfs_dirs(systemd_tmpfiles_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Mon, 5 Dec 2011 11:04:44 +0000 (12:04 +0100)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Mon, 5 Dec 2011 11:04:44 +0000 (12:04 +0100)