Add policy for systemd-import-generator
A new generator systemd-import-generator has been added in systemd v257
to synthesize image download jobs. This provides functionality similar
to importctl, but is configured via the kernel command line and system
credentials. It may be used to automatically download sysext, confext,
portable service, nspawn container or vmspawn VM images at boot.
zpytela committed Jan 2, 2025
1 parent 2bbb06e commit 21c58a1
Showing 2 changed files with 6 additions and 0 deletions.
1 change: 1 addition & 0 deletions policy/modules/system/systemd.fc
Expand Up @@ -84,6 +84,7 @@ HOME_DIR/\.config/systemd/user(/.*)? gen_context(system_u:object_r:systemd_unit
/usr/lib/systemd/system-generators/systemd-fstab-generator -- gen_context(system_u:object_r:systemd_fstab_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-getty-generator -- gen_context(system_u:object_r:systemd_getty_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-gpt-auto-generator -- gen_context(system_u:object_r:systemd_gpt_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-import-generator -- gen_context(system_u:object_r:systemd_import_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-rc-local-generator -- gen_context(system_u:object_r:systemd_rc_local_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-ssh-generator -- gen_context(system_u:object_r:systemd_ssh_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-sysv-generator -- gen_context(system_u:object_r:systemd_sysv_generator_exec_t,s0)
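Review bot: The type name on the new systemd-import-generator entry, systemd_import_generator_exec_t, has to match exactly what systemd_generator_template(systemd_import_generator) declares in systemd.te, because the file name and the type prefix are not derived from each other (the neighbouring systemd-gpt-auto-generator entry maps to systemd_gpt_generator_exec_t). The two agree here, and the entry keeps the `--` regular-file specifier and alphabetical position of its neighbours. Note that on systems where the binary is already installed the new label only applies after the file is relabelled, so until then the generator keeps running under whatever context it had before.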
5 changes: 5 additions & 0 deletions policy/modules/system/systemd.te
Expand Up @@ -208,6 +208,8 @@ systemd_generator_template(systemd_fstab_generator)
systemd_generator_template(systemd_getty_generator)
# gpt-generator
systemd_generator_template(systemd_gpt_generator)
# import-generator
systemd_generator_template(systemd_import_generator)
# rc-local-generator
systemd_generator_template(systemd_rc_local_generator)
# ssh-generator
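Review bot: Missing documentation on the added `# import-generator` comment: it only repeats the name, while the commit message says this generator is driven by the kernel command line and system credentials and synthesizes image download jobs. A short comment to that effect above systemd_generator_template(systemd_import_generator) would tell the next reader why this domain is likely to need rules beyond what the template grants, which the other one-line comments in this list do not have to explain.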
Expand Down Expand Up @@ -1380,6 +1382,9 @@ optional_policy(`
### systemd rc_local generator
init_exec_script_files(systemd_rc_local_generator_t)

### systemd import generator
permissive systemd_import_generator_t;

### ssh generator
allow systemd_ssh_generator_t self:vsock_socket create;
allow systemd_ssh_generator_t vsock_device_t:chr_file { read_chr_file_perms };
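Review bot: The `permissive systemd_import_generator_t;` line under "### systemd import generator" leaves the new domain unconfined in practice: denials are logged but nothing is blocked, for a generator the commit message describes as setting up image downloads at boot from kernel command line and credential input. If this is meant as a bring-up step, say so in a comment next to the line (for example that it is temporary until the AVC denials have been collected) and follow up by replacing it with explicit allow rules, as the rc_local and ssh generator sections around it do. As written, nothing in the hunk indicates the permissive statement is intended to be removed.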