Allow systemd-tmpfiles to setattr for /run/user/gdm/dconf

diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index 787d49f8d757babf92eb3fd5d8641233b3d5d720..9b1de026a010e8722ed37f70210aff7222b34655 100644 (file)
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -929,6 +929,24 @@ interface(`gnome_delete_home_config',`
     delete_files_pattern($1, config_home_t, config_home_t)
 ')
 
+#######################################
+## <summary>
+##  setattr gnome homedir content (.config)
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`gnome_setattr_home_config_dirs',`
+    gen_require(`
+        type config_home_t;
+    ')
+
+    setattr_dirs_pattern($1, config_home_t, config_home_t)
+')
+
 ########################################
 ## <summary>
 ##     manage gnome homedir content (.config)

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index b7da77426a044538afa03aa214149e5a92bd4382..d237d7af0a4e623ee6c65520fd9316a2fae67292 100644 (file)
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -283,6 +283,7 @@ optional_policy(`
        # we have /run/user/$USER/dconf 
        gnome_delete_home_config(systemd_tmpfiles_t)
        gnome_delete_home_config_dirs(systemd_tmpfiles_t)
+       gnome_setattr_home_config_dirs(systemd_tmpfiles_t)
 ')
 
 optional_policy(`