commit: dac8485843d36744488e0b72cde9b04ad459f5a7
Author: Rahul Sandhu <rahul <AT> sandhuservices <DOT> dev>
AuthorDate: Tue Dec 10 16:05:19 2024 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Dec 15 00:19:42 2024 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=dac84858
authlogin: connect to nsresourced
Container UID/GID lookups for utilities such as nspawn require nss
clients to be able to make nsresourced lookups.
Signed-off-by: Rahul Sandhu <rahul <AT> sandhuservices.dev>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/authlogin.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/authlogin.te
b/policy/modules/system/authlogin.te
index 4b8c5fa2a..b3574e1db 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -477,6 +477,7 @@ sysnet_dns_name_resolve(nsswitch_domain)
ifdef(`init_systemd', `
systemd_stream_connect_userdb(nsswitch_domain)
systemd_stream_connect_homed(nsswitch_domain)
+ systemd_stream_connect_nsresourced(nsswitch_domain)
')
tunable_policy(`authlogin_nsswitch_use_ldap',`
