Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Mon, 05 Jun 2017 17:25:37
Message-Id: 1496682978.e2346cfeb76c46e1dbf2afc99f792f053693c899.perfinion@gentoo
commit: e2346cfeb76c46e1dbf2afc99f792f053693c899
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Thu May 25 11:23:26 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Jun 5 17:16:18 2017 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e2346cfe

dbus: let session bus daemon manage user runtime dirs

Let the session dbus process manage user runtime directories (with
its own file type).

This is the fifth version (v5) of the patch, thanks to Dominick
Grift for revising the previous versions and suggesting improvements,
although unfortunately this new version needs to revert one of the
suggested amendments because it was misleading.

Signed-off-by: Guido Trentalancia <guido at trentalancia.com>

policy/modules/contrib/dbus.fc | 2 ++
policy/modules/contrib/dbus.te | 8 ++++++++
2 files changed, 10 insertions(+)

24 diff --git a/policy/modules/contrib/dbus.fc b/policy/modules/contrib/dbus.fc
25 index c2a15358..eba45221 100644
26 --- a/policy/modules/contrib/dbus.fc
27 +++ b/policy/modules/contrib/dbus.fc
28 @@ -4,6 +4,8 @@ HOME_DIR/\.dbus(/.*)? gen_context(system_u:object_r:session_dbusd_home_t,s0)
29
30 /run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
31 /run/messagebus\.pid -- gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
32 +/run/user/%{USERID}/bus -s gen_context(system_u:object_r:session_dbusd_runtime_t,s0)
33 +/run/user/%{USERID}/dbus-1(/.*)? gen_context(system_u:object_r:session_dbusd_runtime_t,s0)
34
35 /usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
36
37
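Review bot: these two file context entries only take effect on a relabel (restorecon or a relabel pass), so a `bus` socket or `dbus-1` directory that already exists under a user's `/run/user/%{USERID}` keeps its previous label until the session daemon recreates it; the labelling of freshly created objects depends entirely on the `userdom_user_runtime_filetrans` rule in the dbus.te part of this patch. A sentence in the commit message saying that existing runtime dirs need a relabel would save users a surprise. The `-s` on the `bus` entry and the unanchored `dbus-1(/.*)?` tree do match the `{ dir file sock_file }` classes the transition rule names, so the two halves of the patch are consistent with each other.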
38 diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
39 index ca39fb6b..007de863 100644
40 --- a/policy/modules/contrib/dbus.te
41 +++ b/policy/modules/contrib/dbus.te
42 @@ -47,6 +47,9 @@ type system_dbusd_var_run_t;
43 files_pid_file(system_dbusd_var_run_t)
44 init_daemon_pid_file(system_dbusd_var_run_t, dir, "dbus")
45
46 +type session_dbusd_runtime_t;
47 +files_pid_file(session_dbusd_runtime_t)
48 +
49 ifdef(`enable_mcs',`
50 init_ranged_system_domain(system_dbusd_t, dbusd_exec_t, s0 - mcs_systemhigh)
51 ')
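Review bot: the new type is named `session_dbusd_runtime_t` while the adjacent system bus type it sits next to is `system_dbusd_var_run_t`, so the two pid-file types in this file now follow different naming conventions; either state in the commit message that the `_runtime_t` suffix is the intended convention for new types or keep the pair consistent. Giving it only `files_pid_file` and not the `init_daemon_pid_file` call the system type gets is correct, since the session bus creates its runtime objects via the user runtime transition rather than through init.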
52 @@ -210,6 +213,11 @@ manage_dirs_pattern(session_bus_type, session_dbusd_tmp_t, session_dbusd_tmp_t)
53 manage_files_pattern(session_bus_type, session_dbusd_tmp_t, session_dbusd_tmp_t)
54 files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { dir file })
55
56 +manage_dirs_pattern(session_bus_type, session_dbusd_runtime_t, session_dbusd_runtime_t)
57 +manage_files_pattern(session_bus_type, session_dbusd_runtime_t, session_dbusd_runtime_t)
58 +manage_sock_files_pattern(session_bus_type, session_dbusd_runtime_t, session_dbusd_runtime_t)
59 +userdom_user_runtime_filetrans(session_bus_type, session_dbusd_runtime_t, { dir file sock_file })
60 +
61 kernel_read_system_state(session_bus_type)
62 kernel_read_kernel_sysctls(session_bus_type)
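Review bot: `userdom_user_runtime_filetrans(session_bus_type, session_dbusd_runtime_t, { dir file sock_file })` carries no filename, so every directory, regular file or socket a session bus domain creates directly in the user runtime directory will be labelled `session_dbusd_runtime_t`, whereas the dbus.fc change only labels `bus` and `dbus-1`. If the interface accepts an optional name argument as the other refpolicy `*_filetrans` interfaces do, one call for `"bus"` (sock_file) and one for `"dbus-1"` (dir) would keep the transition and the file contexts covering the same paths and leave any other object created there with the default user runtime label; if the unnamed transition is intended, a short comment above the block explaining why would help the next reader.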