Workaround Fedora selinux preventing shutdown

Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2185490 QubesOS/qubes-issues#8069
marmarek · Apr 10, 2023 · 6e7956c · 6e7956c
1 parent a07da3b
commit 6e7956c
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/selinux/qubes-misc.te b/selinux/qubes-misc.te
@@ -1,6 +1,9 @@
 policy_module(qubes-misc,0.0.1)
 require {
 	attribute domain;
+	type kernel_systemctl_t;
+	type system_dbusd_t;
+	type system_dbusd_var_run_t;
 	type systemd_modules_load_t;
 	type iptables_t, xen_device_t;
 	type local_login_t, init_t;
@@ -9,6 +12,9 @@ require {
 	class service { start };
 	class fifo_file { write };
 	class process { transition };
+	class dir search;
+	class sock_file write;
+	class unix_stream_scoket connectto;
 }
 
 type qubes_var_run_t;
@@ -17,3 +23,8 @@ allow iptables_t xen_device_t:chr_file { read write };
 allow local_login_t init_t: service { start };
 allow rpmdb_t user_tmp_t:fifo_file { write };
 allow { init_t unconfined_service_t } domain:process transition;
+
+# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2185490
+allow kernel_systemctl_t system_dbusd_var_run_t:dir search;
+allow kernel_systemctl_t system_dbusd_var_run_t:sock_file write;
+allow kernel_systemctl_t system_dbusd_t:unix_stream_socket connectto;