selinux: Add network_exec label for systemd-networkd

This change adds the network_exec label to systemd-networkd and systemd-networkd-wait-online, which is what wicked currently has and gives access to /etc and DBUS.
bottlerocket-os · Aug 4, 2023 · da72038 · da72038
1 parent ef2fe10
commit da72038
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/packages/selinux-policy/fs.cil b/packages/selinux-policy/fs.cil
@@ -51,6 +51,7 @@
 (filecon "/.*/usr/sbin/chronyd" file clock_exec)
 (filecon "/.*/usr/sbin/wicked.*" file network_exec)
 (filecon "/.*/usr/libexec/wicked/bin/wicked.*" file network_exec)
+(filecon "/.*/usr/lib/systemd/systemd-networkd.*" file network_exec)
 (filecon "/.*/usr/bin/containerd.*" file runtime_exec)
 (filecon "/.*/usr/bin/docker.*" file runtime_exec)
 (filecon "/.*/usr/bin/host-ctr" file runtime_exec)