
@enmyj
Created November 23, 2024 04:32
Fedora Hibernate
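#!/usr/bin/bash
#
# Build and install a local SELinux policy module named "systemd_hibernate".
# The module source is written to a private temporary directory, compiled
# with checkmodule, packaged with semodule_package and loaded with
# `sudo semodule -i`.
#
# What the module allows (every rule is visible in the heredoc below):
#   - systemd_sleep_t: create/write files and directories labelled
#     init_var_lib_t and efivarfs_t, start/stop services labelled
#     systemd_unit_file_t, read udev_var_run_t files, and search
#     unlabeled_t and swapfile_t directories.
#   - systemd_logind_t: search swapfile_t directories.
#
# NOTE(review): these rules widen two confined systemd domains on every boot,
# not only while hibernating. Before installing, compare them with the AVC
# denials actually logged on the target machine (for example
# `ausearch -m AVC -ts recent`) and drop any rule that does not correspond to
# a denial seen there. The efivarfs_t create/write/setattr grant and the
# systemd_unit_file_t start/stop grant are the broadest of the set.
# NOTE(review): the unlabeled_t rule suggests the swap location has no SELinux
# label; relabelling it (restorecon) may remove the need for that rule.
# TODO confirm on the target system.
#
# Verify afterwards:  sudo semodule -l | grep systemd_hibernate
# Remove again:       sudo semodule -r systemd_hibernate
set -euo pipefail

# Create the scratch directory as its own statement: a failure inside
# "$(...)" used as a command argument is not caught by `set -e`, and the
# build would then write into whatever directory the caller was in.
workdir=$(mktemp -d)
readonly workdir

# Remove the scratch directory on every exit path so intermediate policy
# files are not left behind in the temp directory.
trap 'rm -rf -- "${workdir:?}"' EXIT

# The quoted delimiter keeps the policy text literal (no shell expansion).
# tee still echoes the source to stdout so the operator sees exactly what
# is about to be installed.
tee "${workdir}/systemd_hibernate.te" <<'EOF'
module systemd_hibernate 1.0;
require {
type systemd_sleep_t;
type systemd_logind_t;
type swapfile_t;
type unlabeled_t;
type efivarfs_t;
type init_var_lib_t;
type systemd_unit_file_t;
type udev_var_run_t;
class service { start stop };
class file { create setattr getattr ioctl open read write };
class dir { add_name create search write };
}
#============= systemd_sleep_t ==============
allow systemd_sleep_t init_var_lib_t:dir { add_name create write };
allow systemd_sleep_t init_var_lib_t:file { create getattr ioctl open read write };
allow systemd_sleep_t systemd_unit_file_t:service { start stop };
allow systemd_sleep_t udev_var_run_t:file { getattr open read };
allow systemd_sleep_t unlabeled_t:dir search;
allow systemd_sleep_t swapfile_t:dir search;
allow systemd_logind_t swapfile_t:dir search;
allow systemd_sleep_t efivarfs_t:file { create setattr getattr ioctl open read write };
allow systemd_sleep_t efivarfs_t:dir { add_name create write };
EOF

# Compile (-M: MLS-enabled, -m: non-base module), package, then install.
# Absolute paths are used throughout, so the caller's working directory is
# never changed. Only the final step needs root.
checkmodule -M -m \
  -o "${workdir}/systemd_hibernate.mod" \
  "${workdir}/systemd_hibernate.te"
semodule_package \
  -o "${workdir}/systemd_hibernate.pp" \
  -m "${workdir}/systemd_hibernate.mod"
sudo semodule -i "${workdir}/systemd_hibernate.pp"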