Merge pull request #1080 from yizhao1/systemd

pebenito · web-flow · commit 9ada10471cd0 · 2026-02-08T09:10:43.000-05:00
systemd: set label for /run/userdb
diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
@@ -131,4 +131,6 @@ HOME_ROOT/.+\.home	--	gen_context(system_u:object_r:systemd_homed_storage_t,s0)
 /run/tmpfiles\.d	-d	gen_context(system_u:object_r:systemd_tmpfiles_conf_t,s0)
 /run/tmpfiles\.d/.*		<<none>>
 
+/run/userdb(/.*)?	gen_context(system_u:object_r:systemd_userdbd_runtime_t,s0)
+
 /var/log/journal(/.*)?		gen_context(system_u:object_r:systemd_journal_t,mls_systemhigh)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
@@ -369,6 +369,7 @@ init_daemon_domain(systemd_userdbd_t, systemd_userdbd_exec_t)
 
 type systemd_userdbd_runtime_t alias systemd_userdb_runtime_t;
 files_runtime_file(systemd_userdbd_runtime_t)
+init_daemon_runtime_file(systemd_userdbd_runtime_t, dir, "userdb")
 
 type systemd_userdbd_unit_t;
 init_unit_file(systemd_userdbd_unit_t)
