diff options
| author |   Chris PeBenito <Christopher.PeBenito@microsoft.com> | 2019-04-19 11:50:59 -0400 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2019-04-28 18:00:55 +0800 |
| commit | 21cc848fadf0aab51a7af63066e5130187c96cb4 (patch) | |
| tree | aca38e9384bf0346580893c4439489bd3baae85b /config/appconfig-standard | |
| parent | devices: Change netcontrol devices to pmqos. (diff) | |
| download | hardened-refpolicy-21cc848fadf0aab51a7af63066e5130187c96cb4.tar.gz hardened-refpolicy-21cc848fadf0aab51a7af63066e5130187c96cb4.tar.bz2 hardened-refpolicy-21cc848fadf0aab51a7af63066e5130187c96cb4.zip | |
systemd: Add initial policy for systemd --user.
This is just a start; it does not cover all uses.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
Signed-off-by: Jason Zaman <jason@perfinion.com>
Diffstat (limited to 'config/appconfig-standard')
5 files changed, 5 insertions, 0 deletions
diff --git a/config/appconfig-standard/default_contexts b/config/appconfig-standard/default_contexts index fcc65d67..5afa8d2a 100644 --- a/config/appconfig-standard/default_contexts +++ b/config/appconfig-standard/default_contexts @@ -1,4 +1,5 @@ system_r:crond_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_cronjob_t unconfined_r:unconfined_cronjob_t +system_r:init_t user_r:user_systemd_t staff_r:staff_systemd_t sysadm_r:sysadm_systemd_t unconfined_r:unconfined_t system_r:atd_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t system_r:local_login_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t system_r:remote_login_t user_r:user_t staff_r:staff_t unconfined_r:unconfined_t diff --git a/config/appconfig-standard/root_default_contexts b/config/appconfig-standard/root_default_contexts index f5225686..60080fb2 100644 --- a/config/appconfig-standard/root_default_contexts +++ b/config/appconfig-standard/root_default_contexts @@ -1,4 +1,5 @@ system_r:crond_t unconfined_r:unconfined_t sysadm_r:cronjob_t staff_r:cronjob_t user_r:cronjob_t +system_r:init_t unconfined_r:unconfined_t sysadm_r:sysadm_systemd_t staff_r:staff_systemd_t user_r:user_systemd_t system_r:local_login_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t staff_r:staff_su_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t diff --git a/config/appconfig-standard/staff_u_default_contexts b/config/appconfig-standard/staff_u_default_contexts index 382fe338..e44544f0 100644 --- a/config/appconfig-standard/staff_u_default_contexts +++ b/config/appconfig-standard/staff_u_default_contexts @@ -1,3 +1,4 @@ +system_r:init_t staff_r:staff_systemd_t sysadm_r:sysadm_systemd_t system_r:local_login_t staff_r:staff_t sysadm_r:sysadm_t system_r:remote_login_t staff_r:staff_t system_r:sshd_t staff_r:staff_t sysadm_r:sysadm_t diff --git a/config/appconfig-standard/unconfined_u_default_contexts b/config/appconfig-standard/unconfined_u_default_contexts index e340b219..2931e851 100644 --- a/config/appconfig-standard/unconfined_u_default_contexts +++ b/config/appconfig-standard/unconfined_u_default_contexts @@ -1,4 +1,5 @@ system_r:crond_t unconfined_r:unconfined_t unconfined_r:unconfined_cronjob_t +system_r:init_t unconfined_r:unconfined_t system_r:initrc_t unconfined_r:unconfined_t system_r:local_login_t unconfined_r:unconfined_t system_r:remote_login_t unconfined_r:unconfined_t diff --git a/config/appconfig-standard/user_u_default_contexts b/config/appconfig-standard/user_u_default_contexts index 63b7eecd..8b553c4b 100644 --- a/config/appconfig-standard/user_u_default_contexts +++ b/config/appconfig-standard/user_u_default_contexts @@ -1,3 +1,4 @@ +system_r:init_t user_r:user_systemd_t system_r:local_login_t user_r:user_t system_r:remote_login_t user_r:user_t system_r:sshd_t user_r:user_t |