diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 35e6e7c2f8..4f6e99e58c 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -92,6 +92,7 @@ interface(`auth_use_pam_systemd',`
 systemd_dbus_chat_logind($1)
 systemd_read_logind_state($1)
 systemd_use_logind_fds($1)
+ systemd_connectto_logind_sockets($1)
 
 # to read /etc/machine-id
 files_read_etc_runtime_files($1)
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index db6bd97523..0d77bd8ce7 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -1470,6 +1470,25 @@ interface(`systemd_use_logind_fds',`
 allow $1 systemd_logind_t:fd use;
 ')
 
+######################################
+##
+## Connect to systemd logind
+## sockets.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`systemd_connectto_logind_sockets',`
+ gen_require(`
+ type systemd_logind_t;
+ ')
+
+ allow $1 systemd_logind_t:unix_stream_socket connectto;
+')
+
 ######################################
 ##
 ## Watch logind sessions dirs.
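Review bot: The new `systemd_connectto_logind_sockets($1)` line in `auth_use_pam_systemd` carries no comment saying which operation needs it, while the rule just below it is annotated with `# to read /etc/machine-id`. This interface is presumably pulled in by every domain that runs pam_systemd, so the added permission lands on all of them at once and the reason should be recorded next to the call, for example `# pam_systemd connects to logind over a unix stream socket` (wording to be confirmed against the denial that motivated the change). The interface body starts and ends outside this hunk, so whether a narrower set of callers would suffice cannot be judged from here.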
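Review bot: `systemd_connectto_logind_sockets` allows only `connectto` on `systemd_logind_t:unix_stream_socket`, which is the peer-process half of a stream connection; if the logind socket is bound to a filesystem path, a caller also needs search on the containing directory and write on the socket file, and nothing in this hunk grants those. Either confirm that interfaces the callers already use cover the socket-file side, or state the limit in the summary, e.g. `## Connect to systemd logind over a unix stream socket (connectto only; socket file access is granted separately).` If both halves are meant to travel together, refpolicy's `stream_connect_pattern` is the usual way to express that in one place.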