1 |
commit: 2873694ba1cc11acf324afb6778b947452d060ec |
2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
3 |
AuthorDate: Sun Jun 4 15:23:48 2017 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Jun 5 17:16:18 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=2873694b |
7 |
|
8 |
consolekit: introduce consolekit_use_inhibit_lock interface |
9 |
|
10 |
Applications hold FDs while they hold the lock. |
11 |
Implements this API: |
12 |
https://www.freedesktop.org/wiki/Software/systemd/inhibit/ |
13 |
|
14 |
policy/modules/contrib/consolekit.if | 23 +++++++++++++++++++++++ |
15 |
1 file changed, 23 insertions(+) |
16 |
|
17 |
diff --git a/policy/modules/contrib/consolekit.if b/policy/modules/contrib/consolekit.if |
18 |
index 5b830ec9..e5cc8434 100644 |
19 |
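--- a/policy/modules/contrib/consolekit.if
+++ b/policy/modules/contrib/consolekit.if
@@ -42,6 +42,29 @@ interface(`consolekit_dbus_chat',`
 
 ########################################
 ## <summary>
+## Use consolekit inhibit locks.
+##
+## The program gets passed an FD to a fifo_file to hold.
+## When the application is done with the lock, it closes the FD.
+## Implements this API: https://www.freedesktop.org/wiki/Software/systemd/inhibit/
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`consolekit_use_inhibit_lock',`
+ gen_require(`
+ type consolekit_t, consolekit_var_run_t;
+ ')
+
+ allow $1 consolekit_t:fd use;
+ allow $1 consolekit_var_run_t:fifo_file rw_inherited_fifo_file_perms;
+')
+
+########################################
+## <summary>
 ## Read consolekit log files.
 ## </summary>
 ## <param name="domain">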
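Review bot: The second allow rule in `consolekit_use_inhibit_lock` grants both read and write on every inherited `consolekit_var_run_t` fifo, while the interface text says the caller only holds the FD and then closes it; nothing in the hunk records which of those permissions the hand-off actually needs. If only one end of the pipe is ever passed to the client, an explicit permission list limited to that direction would be the tighter grant; either way a why-comment above the rules would help the next reader, e.g. `# No open permission: $1 can only use a fifo that consolekit_t handed to it, not open one by path.` The description could also state that callers still need `consolekit_dbus_chat($1)` to request the lock, which I assume is how the FD is obtained since this interface adds no D-Bus rules. As a style point, refpolicy headers usually keep `<summary>` to one line and move the longer explanation and the URL into a `<desc>` block.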