Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Mon, 05 Jun 2017 17:26:15
Message-Id: 1496682978.2873694ba1cc11acf324afb6778b947452d060ec.perfinion@gentoo
1 commit: 2873694ba1cc11acf324afb6778b947452d060ec
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Sun Jun 4 15:23:48 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Jun 5 17:16:18 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=2873694b
7
8 consolekit: introduce consolekit_use_inhibit_lock interface
9
10 Applications hold FDs while they hold the lock.
11 Implements this API:
12 https://www.freedesktop.org/wiki/Software/systemd/inhibit/
13
14 policy/modules/contrib/consolekit.if | 23 +++++++++++++++++++++++
15 1 file changed, 23 insertions(+)
16
17 diff --git a/policy/modules/contrib/consolekit.if b/policy/modules/contrib/consolekit.if
18 index 5b830ec9..e5cc8434 100644
19 --- a/policy/modules/contrib/consolekit.if
20 +++ b/policy/modules/contrib/consolekit.if
21 @@ -42,6 +42,29 @@ interface(`consolekit_dbus_chat',`
22
23 ########################################
24 ## <summary>
25 +## Use consolekit inhibit locks.
26 +##
27 +## The program gets passed an FD to a fifo_file to hold.
28 +## When the application is done with the lock, it closes the FD.
29 +## Implements this API: https://www.freedesktop.org/wiki/Software/systemd/inhibit/
30 +## </summary>
31 +## <param name="domain">
32 +## <summary>
33 +## Domain allowed access.
34 +## </summary>
35 +## </param>
36 +#
37 +interface(`consolekit_use_inhibit_lock',`
38 + gen_require(`
39 + type consolekit_t, consolekit_var_run_t;
40 + ')
41 +
42 + allow $1 consolekit_t:fd use;
43 + allow $1 consolekit_var_run_t:fifo_file rw_inherited_fifo_file_perms;
44 +')
45 +
46 +########################################
47 +## <summary>
48 ## Read consolekit log files.
49 ## </summary>
50 ## <param name="domain">
Report Message
Find on MARC Find on Google Groups