From e7477bd5267962e64f9ece42c010b4ce9edbce42 Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Tue, 18 Feb 2025 14:01:26 -0600
Subject: [PATCH] Permit init_t (systemd) to start a detached screen/tmux session

---
 policy/modules/apps/screen.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/apps/screen.te b/policy/modules/apps/screen.te
index 2061b18ff6..8451a9483f 100644
--- a/policy/modules/apps/screen.te
+++ b/policy/modules/apps/screen.te
@@ -35,6 +35,8 @@ allow screen_domain self:fifo_file rw_fifo_file_perms;
 allow screen_domain self:tcp_socket { accept listen };
 allow screen_domain self:unix_stream_socket { accept connectto listen };
 
+allow init_t screen_exec_t:file { execute execute_no_trans open read };
+
 manage_dirs_pattern(screen_domain, screen_tmp_t, screen_tmp_t)
 manage_files_pattern(screen_domain, screen_tmp_t, screen_tmp_t)
 manage_fifo_files_pattern(screen_domain, screen_tmp_t, screen_tmp_t)
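Review bot: The added `allow init_t screen_exec_t:file { execute execute_no_trans open read };` includes `execute_no_trans`, so a screen/tmux binary launched by systemd keeps running in `init_t`, and every shell or command started inside that detached session presumably stays in that domain unless some other transition applies. That is a broad grant for one use case; if these sessions are meant to run as a service, a domain transition from `init_t` into a dedicated, confined type would keep them out of init's domain. If staying in `init_t` is intended, say so above the rule, e.g. `# systemd units may run screen/tmux detached; the session stays in init_t (no transition)`, and prefer `can_exec(init_t, screen_exec_t)` over the hand-listed permission set, which omits `getattr` and `map` and may produce further denials. The hunk does not show whether screen.te already requires `init_t`; a module normally reaches another module's type through an interface or a `gen_require` block.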