Merge pull request #857 from yizhao1/fix

systemd fixes

Author: pebenito

policy/modules/services/ntp.te

@@ -157,6 +157,7 @@ ifdef(`init_systemd',`
 	allow ntpd_t self:capability { fowner setpcap };
 	init_read_state(ntpd_t)
 	init_reload(ntpd_t)
+	init_watch_runtime_dirs(ntpd_t)
 	fs_watch_memory_pressure(ntpd_t)
 
 	# for /var/lib/systemd/clock

policy/modules/system/systemd.te

@@ -1760,12 +1760,14 @@ files_watch_runtime_dirs(systemd_resolved_t)
 files_list_runtime(systemd_resolved_t)
 
 fs_getattr_all_fs(systemd_resolved_t)
+fs_getattr_nsfs_files(systemd_resolved_t)
 fs_search_cgroup_dirs(systemd_resolved_t)
 fs_search_tmpfs(systemd_resolved_t)
 fs_search_ramfs(systemd_resolved_t)
 fs_watch_memory_pressure(systemd_resolved_t)
 
 init_dgram_send(systemd_resolved_t)
+init_watch_runtime_dirs(systemd_resolved_t)
 
 miscfiles_read_generic_certs(systemd_resolved_t)
 
@@ -1873,6 +1875,7 @@ allow systemd_sysusers_t self:unix_dgram_socket sendto;
 files_manage_etc_files(systemd_sysusers_t)
 
 fs_getattr_all_fs(systemd_sysusers_t)
+fs_getattr_nsfs_files(systemd_sysusers_t)
 fs_search_all(systemd_sysusers_t)
 
 kernel_read_kernel_sysctls(systemd_sysusers_t)
@@ -2065,6 +2068,7 @@ files_etc_filetrans(systemd_update_done_t, systemd_update_run_t, file)
 files_var_filetrans(systemd_update_done_t, systemd_update_run_t, file)
 
 fs_getattr_all_fs(systemd_update_done_t)
+fs_getattr_nsfs_files(systemd_update_done_t)
 fs_search_cgroup_dirs(systemd_update_done_t)
 
 kernel_read_kernel_sysctls(systemd_update_done_t)
@@ -2181,6 +2185,7 @@ files_read_etc_runtime_files(systemd_userdbd_t)
 files_read_usr_files(systemd_userdbd_t)
 
 fs_getattr_all_fs(systemd_userdbd_t)
+fs_getattr_nsfs_files(systemd_userdbd_t)
 fs_search_cgroup_dirs(systemd_userdbd_t)
 fs_read_efivarfs_files(systemd_userdbd_t)
 fs_watch_memory_pressure(systemd_userdbd_t)