Gentoo Archives: gentoo-commits

From: Jason Zaman <gentoo@×××××××××.com>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:userroles commit in: policy/modules/roles/
Date: Tue, 02 Dec 2014 13:38:21
Message-Id: 1417527306.59a3260e881ac62c74ff0882ea9945843614bfcf.perfinion@gentoo
1 commit: 59a3260e881ac62c74ff0882ea9945843614bfcf
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Tue Dec 2 12:00:05 2014 +0000
4 Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
5 CommitDate: Tue Dec 2 13:35:06 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=59a3260e
7
8 Allow users to talk to devicekit
9
10 Needed to read battery status and disk info.
11
12 type=USER_AVC msg=audit(1417367573.060:234): pid=3121 uid=101
13 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t
14 msg='avc: denied { send_msg } for msgtype=signal
15 interface=org.freedesktop.UPower member=DeviceChanged
16 dest=org.freedesktop.DBus spid=3606 tpid=3858
17 scontext=system_u:system_r:devicekit_power_t
18 tcontext=staff_u:staff_r:staff_t tclass=dbus exe="/usr/bin/dbus-daemon"
19 sauid=101 hostname=? addr=? terminal=?'
20
21 type=USER_AVC msg=audit(1417363447.011:103525): pid=3339 uid=101
22 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t
23 msg='avc: denied { send_msg } for msgtype=signal
24 interface=org.freedesktop.DBus.Properties member=PropertiesChanged
25 dest=org.freedesktop.DBus spid=4094 tpid=4090
26 scontext=system_u:system_r:devicekit_disk_t
27 tcontext=staff_u:staff_r:staff_t tclass=dbus exe="/usr/bin/dbus-daemon"
28 sauid=101 hostname=? addr=? terminal=?'
29
30 ---
31 policy/modules/roles/staff.te | 5 +++++
32 policy/modules/roles/unprivuser.te | 5 +++++
33 2 files changed, 10 insertions(+)
34
35 diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
36 index 70e5a75..ae8469c 100644
37 --- a/policy/modules/roles/staff.te
38 +++ b/policy/modules/roles/staff.te
39 @@ -200,6 +200,11 @@ ifdef(`distro_gentoo',`
40 ')
41
42 optional_policy(`
43 + devicekit_dbus_chat_disk(staff_t)
44 + devicekit_dbus_chat_power(staff_t)
45 + ')
46 +
47 + optional_policy(`
48 dropbox_role(staff_t, staff_r)
49 ')
50
51
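Review bot: The two calls added in the new optional_policy block may grant more than the logged denials justify. Both AVC records in the commit message are send_msg signals going from devicekit_power_t and devicekit_disk_t to staff_t, while the interface names (devicekit_dbus_chat_disk, devicekit_dbus_chat_power) suggest messaging in both directions. If staff_t also needs to call into devicekit, as the subject line "talk to devicekit" implies, state that in the commit message; otherwise consider whether a rule covering only the devicekit-to-user direction would be enough.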
52 diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
53 index b07fef1..255ceae 100644
54 --- a/policy/modules/roles/unprivuser.te
55 +++ b/policy/modules/roles/unprivuser.te
56 @@ -185,6 +185,11 @@ ifdef(`distro_gentoo',`
57 ')
58
59 optional_policy(`
60 + devicekit_dbus_chat_disk(user_t)
61 + devicekit_dbus_chat_power(user_t)
62 + ')
63 +
64 + optional_policy(`
65 dropbox_role(user_r, user_t)
66 ')
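Review bot: The user_t calls added here have no supporting denial in the commit message, where both AVC records show tcontext=staff_u:staff_r:staff_t. Add a user_t denial or note that this block mirrors the staff.te change by analogy. Separately, the context line dropbox_role(user_r, user_t) passes role then type, while staff.te has dropbox_role(staff_t, staff_r); the two orders cannot both match the interface definition, so one of them deserves a follow-up fix.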