Created
November 23, 2024 04:32
Fedora Hibernate
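#!/usr/bin/bash
# Build and install a local SELinux policy module ("systemd_hibernate") that
# adds allow rules for the systemd_sleep_t and systemd_logind_t domains.
#
# The module is installed with `semodule -i`, so it stays loaded across
# reboots until it is removed again with: sudo semodule -r systemd_hibernate
set -euo pipefail

# Create the scratch directory in its own assignment: a failing mktemp inside
# `cd "$(...)"` would not trip `set -e`, and the build would then run in
# whatever directory the caller happened to be in.
workdir="$(mktemp -d)"
# Remove the intermediate .te/.mod/.pp files on every exit path.
trap 'rm -rf -- "$workdir"' EXIT
cd "$workdir"

# Policy source. Review before installing; every rule below widens what the
# confined domains may do:
#   - efivarfs_t file/dir rules let systemd_sleep_t create and write files
#     labelled efivarfs_t (EFI variables), not only read them.
#   - unlabeled_t:dir search covers any directory that has no SELinux label.
#     NOTE(review): a denial on unlabeled_t often points at a path that needs
#     relabelling; confirm whether restorecon on that path removes the need
#     for this rule.
#   - init_var_lib_t rules let systemd_sleep_t create and write files under
#     directories with that label.
# Compare the rules with the AVC denials actually logged on the machine
# (e.g. `ausearch -m avc`) and drop the ones that system does not need.
# The delimiter is quoted so the shell never expands anything in the policy.
cat <<-'EOF' | tee systemd_hibernate.te
module systemd_hibernate 1.0;
require {
type systemd_sleep_t;
type systemd_logind_t;
type swapfile_t;
type unlabeled_t;
type efivarfs_t;
type init_var_lib_t;
type systemd_unit_file_t;
type udev_var_run_t;
class service { start stop };
class file { create setattr getattr ioctl open read write };
class dir { add_name create search write };
}
#============= systemd_sleep_t ==============
allow systemd_sleep_t init_var_lib_t:dir { add_name create write };
allow systemd_sleep_t init_var_lib_t:file { create getattr ioctl open read write };
allow systemd_sleep_t systemd_unit_file_t:service { start stop };
allow systemd_sleep_t udev_var_run_t:file { getattr open read };
allow systemd_sleep_t unlabeled_t:dir search;
allow systemd_sleep_t swapfile_t:dir search;
allow systemd_logind_t swapfile_t:dir search;
allow systemd_sleep_t efivarfs_t:file { create setattr getattr ioctl open read write };
allow systemd_sleep_t efivarfs_t:dir { add_name create write };
EOF

# Compile the source into a module, wrap it as a policy package, load it.
checkmodule -M -m -o systemd_hibernate.mod systemd_hibernate.te
semodule_package -o systemd_hibernate.pp -m systemd_hibernate.mod
# Only this step needs root; the build above runs unprivileged.
sudo semodule -i systemd_hibernate.pp

# Return to the caller's directory (the EXIT trap then deletes the scratch dir).
cd -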