| 1 |
commit: 0c11ce5d5e0d54d27e0607a746bab54a45ca09f3 |
| 2 |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
| 3 |
AuthorDate: Thu Feb 15 22:07:08 2018 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Feb 18 11:20:22 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0c11ce5d |
| 7 |
|
| 8 |
Misc dbus fixes from Russell Coker. |
| 9 |
|
| 10 |
policy/modules/system/init.te | 6 +++++- |
| 11 |
policy/modules/system/locallogin.te | 3 ++- |
| 12 |
policy/modules/system/systemd.te | 13 ++++++++++++- |
| 13 |
policy/modules/system/unconfined.te | 6 +++++- |
| 14 |
4 files changed, 24 insertions(+), 4 deletions(-) |
| 15 |
|
| 16 |
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te |
| 17 |
index 59c27676..846ab7b5 100644 |
| 18 |
--- a/policy/modules/system/init.te |
| 19 |
+++ b/policy/modules/system/init.te |
| 20 |
@@ -1,4 +1,4 @@ |
| 21 |
-policy_module(init, 2.4.0) |
| 22 |
+policy_module(init, 2.4.1) |
| 23 |
|
| 24 |
gen_require(` |
| 25 |
class passwd rootok; |
| 26 |
@@ -488,6 +488,10 @@ optional_policy(` |
| 27 |
|
| 28 |
optional_policy(` |
| 29 |
dbus_system_bus_client(init_t) |
| 30 |
+ |
| 31 |
+ optional_policy(` |
| 32 |
+ unconfined_dbus_send(init_t) |
| 33 |
+ ') |
| 34 |
') |
| 35 |
|
| 36 |
optional_policy(` |
| 37 |
|
| 38 |
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te |
| 39 |
index 4ea6e87f..f7b428a7 100644 |
| 40 |
--- a/policy/modules/system/locallogin.te |
| 41 |
+++ b/policy/modules/system/locallogin.te |
| 42 |
@@ -1,4 +1,4 @@ |
| 43 |
-policy_module(locallogin, 1.17.0) |
| 44 |
+policy_module(locallogin, 1.17.1) |
| 45 |
|
| 46 |
######################################## |
| 47 |
# |
| 48 |
@@ -137,6 +137,7 @@ userdom_create_all_users_keys(local_login_t) |
| 49 |
ifdef(`init_systemd',` |
| 50 |
auth_manage_faillog(local_login_t) |
| 51 |
|
| 52 |
+ init_dbus_chat(local_login_t) |
| 53 |
systemd_dbus_chat_logind(local_login_t) |
| 54 |
systemd_use_logind_fds(local_login_t) |
| 55 |
systemd_manage_logind_pid_pipes(local_login_t) |
| 56 |
|
| 57 |
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te |
| 58 |
index a8d597b5..0f6b4a45 100644 |
| 59 |
--- a/policy/modules/system/systemd.te |
| 60 |
+++ b/policy/modules/system/systemd.te |
| 61 |
@@ -1,4 +1,4 @@ |
| 62 |
-policy_module(systemd, 1.5.0) |
| 63 |
+policy_module(systemd, 1.5.1) |
| 64 |
|
| 65 |
######################################### |
| 66 |
# |
| 67 |
@@ -308,6 +308,7 @@ systemd_log_parse_environment(systemd_hostnamed_t) |
| 68 |
optional_policy(` |
| 69 |
dbus_connect_system_bus(systemd_hostnamed_t) |
| 70 |
dbus_system_bus_client(systemd_hostnamed_t) |
| 71 |
+ init_dbus_chat(systemd_hostnamed_t) |
| 72 |
') |
| 73 |
|
| 74 |
optional_policy(` |
| 75 |
@@ -450,6 +451,8 @@ userdom_delete_all_user_runtime_files(systemd_logind_t) |
| 76 |
userdom_delete_all_user_runtime_named_pipes(systemd_logind_t) |
| 77 |
userdom_delete_all_user_runtime_named_sockets(systemd_logind_t) |
| 78 |
userdom_delete_all_user_runtime_symlinks(systemd_logind_t) |
| 79 |
+# user_tmp_t is for the dbus-1 directory |
| 80 |
+userdom_list_user_tmp(systemd_logind_t) |
| 81 |
userdom_manage_user_runtime_dirs(systemd_logind_t) |
| 82 |
userdom_manage_user_runtime_root_dirs(systemd_logind_t) |
| 83 |
userdom_mounton_user_runtime_dirs(systemd_logind_t) |
| 84 |
@@ -479,6 +482,10 @@ optional_policy(` |
| 85 |
devicekit_dbus_chat_power(systemd_logind_t) |
| 86 |
') |
| 87 |
|
| 88 |
+optional_policy(` |
| 89 |
+ modemmanager_dbus_chat(systemd_logind_t) |
| 90 |
+') |
| 91 |
+ |
| 92 |
optional_policy(` |
| 93 |
networkmanager_dbus_chat(systemd_logind_t) |
| 94 |
') |
| 95 |
@@ -749,6 +756,10 @@ optional_policy(` |
| 96 |
allow systemd_machined_t systemd_nspawn_t:dbus send_msg; |
| 97 |
|
| 98 |
dbus_system_bus_client(systemd_nspawn_t) |
| 99 |
+ |
| 100 |
+ optional_policy(` |
| 101 |
+ unconfined_dbus_send(systemd_machined_t) |
| 102 |
+ ') |
| 103 |
') |
| 104 |
|
| 105 |
optional_policy(` |
| 106 |
|
| 107 |
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te |
| 108 |
index df06aa79..e4d9c1e9 100644 |
| 109 |
--- a/policy/modules/system/unconfined.te |
| 110 |
+++ b/policy/modules/system/unconfined.te |
| 111 |
@@ -1,4 +1,4 @@ |
| 112 |
-policy_module(unconfined, 3.10.0) |
| 113 |
+policy_module(unconfined, 3.10.1) |
| 114 |
|
| 115 |
######################################## |
| 116 |
# |
| 117 |
@@ -115,6 +115,10 @@ optional_policy(` |
| 118 |
lvm_run(unconfined_t, unconfined_r) |
| 119 |
') |
| 120 |
|
| 121 |
+optional_policy(` |
| 122 |
+ modemmanager_dbus_chat(unconfined_t) |
| 123 |
+') |
| 124 |
+ |
| 125 |
optional_policy(` |
| 126 |
modutils_run(unconfined_t, unconfined_r) |
| 127 |
') |
Archives