Skip to content

Instantly share code, notes, and snippets.

@dmy3k
Last active June 18, 2023 11:13
Show Gist options
  • Save dmy3k/ecddd29b9a02d563439b35f699a8c40f to your computer and use it in GitHub Desktop.
Save dmy3k/ecddd29b9a02d563439b35f699a8c40f to your computer and use it in GitHub Desktop.
SElinux module for suspend-than-hibernate with systemd v253, fedora 38
cd "$(mktemp -dt)"
cat <<-EOF | tee systemd_sleep.te
module systemd_sleep 1.0;
require {
type systemd_sleep_t;
type systemd_unit_file_t;
type unlabeled_t;
type udev_var_run_t;
type init_var_lib_t;
class service { start stop };
class file { create getattr ioctl open read write };
class dir { add_name create search write };
}
#============= systemd_sleep_t ==============
allow systemd_sleep_t init_var_lib_t:dir { add_name create write };
allow systemd_sleep_t init_var_lib_t:file { create getattr ioctl open read write };
allow systemd_sleep_t systemd_unit_file_t:service { start stop };
allow systemd_sleep_t udev_var_run_t:file { getattr open read };
allow systemd_sleep_t unlabeled_t:dir search;
EOF
checkmodule -M -m -o systemd_sleep.mod systemd_sleep.te
semodule_package -o systemd_sleep.pp -m systemd_sleep.mod
sudo semodule -i systemd_sleep.pp
cd -
@dmy3k
Copy link
Author

dmy3k commented Jun 18, 2023

The following PRs merged in systemd v253 add possibility to hibernate on low battery charge within suspend-than-hibernate: #23895, #25374

In order to make it work with Fedora 38 we have to update SElinux policy to allow systemd_sleep

  • access /var/lib/systemd/sleep/battery_discharge_percentage_rate_per_hour
  • read battery info

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment