Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sat, 09 Sep 2017 02:43:05
Message-Id: 1504910931.59f50e30e06ae7cd6351301188d46b7be6b705f2.perfinion@gentoo
1 commit: 59f50e30e06ae7cd6351301188d46b7be6b705f2
2 Author: Tom Gundersen <teg <AT> jklm <DOT> no>
3 AuthorDate: Sat Aug 12 18:10:09 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Fri Sep 8 22:48:51 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=59f50e30
7
8 dbus: add policy for dbus-broker
9
10 dbus-broker is a drop-in replacement for dbus-daemon. It can therefore
11 mostly simply rely on the existing dbus policy module. However, it also
12 needs to have its binaries labeled correctly, and it needs permission to
13 perform the D-Bus method call StartTransientUnit on PID1, which
14 dbus-daemon did not.
15
16 For details see <https://github.com/bus1/dbus-broker/wiki>.
17
18 policy/modules/contrib/dbus.fc | 2 ++
19 policy/modules/contrib/dbus.te | 1 +
20 2 files changed, 3 insertions(+)
21
22 diff --git a/policy/modules/contrib/dbus.fc b/policy/modules/contrib/dbus.fc
23 index eba45221..c18fd7fd 100644
24 --- a/policy/modules/contrib/dbus.fc
25 +++ b/policy/modules/contrib/dbus.fc
26 @@ -8,6 +8,8 @@ HOME_DIR/\.dbus(/.*)? gen_context(system_u:object_r:session_dbusd_home_t,s0)
27 /run/user/%{USERID}/dbus-1(/.*)? gen_context(system_u:object_r:session_dbusd_runtime_t,s0)
28
29 /usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
30 +/usr/bin/dbus-broker-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
31 +/usr/bin/dbus-broker -- gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
32
33 /usr/lib/dbus-.*/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
34
35
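Review bot: The trailing "# needed by dbus-broker" comments on the two added dbus.fc entries depart from the style of the surrounding entries, none of which carry an inline comment, and they add nothing the paths /usr/bin/dbus-broker-launch and /usr/bin/dbus-broker do not already say. I would drop them, or use a single comment line above the pair, and confirm that the file-context build accepts text after gen_context(...) on the same line. Labeling both the launcher and the broker dbusd_exec_t looks consistent with the dbus-daemon entry above, since the commit message says the existing dbus domain is meant to be reused.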
36 diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
37 index 280dd8de..bd8a7d54 100644
38 --- a/policy/modules/contrib/dbus.te
39 +++ b/policy/modules/contrib/dbus.te
40 @@ -133,6 +133,7 @@ auth_read_pam_console_data(system_dbusd_t)
41 init_use_fds(system_dbusd_t)
42 init_use_script_ptys(system_dbusd_t)
43 init_all_labeled_script_domtrans(system_dbusd_t)
44 +init_start_system(system_dbusd_t) # needed by dbus-broker
45
46 logging_send_audit_msgs(system_dbusd_t)
47 logging_send_syslog_msg(system_dbusd_t)
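Review bot: init_start_system(system_dbusd_t) is added unconditionally in dbus.te, so system_dbusd_t gains this permission on every system, including those still running dbus-daemon, which the commit message says never needed it. Consider scoping the line to systemd or dbus-broker installs (a build-time conditional or a tunable) so that a compromised dbus-daemon does not pick up extra rights over init. The inline comment "# needed by dbus-broker" should also say why, for example that it covers the StartTransientUnit call on PID1 described in the commit message, so that a later audit of the rule can judge whether it is still required.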