[refpolicy] Miscellaneous Patch for refpolicy

Christopher J. PeBenito cpebenito at tresys.com
Tue Aug 18 09:21:12 CDT 2009


On Tue, 2009-08-18 at 12:14 +0200, corentin.labbe wrote:
> Hello,
> 
> This is 3 patchs for miscellaneous things in refpolicy :
> 
> 1 A typo fix in policykit
> 
> 2 Portage need sys_nice capability when using PORTAGE_NICENESS in make.conf
> 
> 3 Dbus is installed in a path not listed in dbus.fc under Gentoo

These look ok, but please resubmit them with correct emails in the patch
and sent via git send-email.

> Cordially
> plain text document attachment (0001-Missing-comma-in-policykit.patch)
> >From 7b3b1877c3838f890a302eab315221da1e164d87 Mon Sep 17 00:00:00 2001
> From: root <root at Red.(none)>
> Date: Mon, 17 Aug 2009 17:19:39 +0200
> Subject: [PATCH 1/3] Missing comma in policykit
> 
> ---
>  policy/modules/services/policykit.if |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/policy/modules/services/policykit.if b/policy/modules/services/policykit.if
> index 1ade306..4dbbc70 100644
> --- a/policy/modules/services/policykit.if
> +++ b/policy/modules/services/policykit.if
> @@ -167,7 +167,7 @@ interface(`policykit_domtrans_resolve',`
>  
>  	domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t)
>  
> -	ps_process_pattern(policykit_resolve_t $1)
> +	ps_process_pattern(policykit_resolve_t, $1)
>  ')
>  
>  ########################################
> plain text document attachment
> (0002-portage-need-capability-sys_nice.patch)
> >From da774bab740d1568bb39bc0eed0c99390931def1 Mon Sep 17 00:00:00 2001
> From: root <root at Red.(none)>
> Date: Mon, 17 Aug 2009 17:22:24 +0200
> Subject: [PATCH 2/3] portage need capability sys_nice
> 
> ---
>  policy/modules/admin/portage.te |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
> index 26b2572..1d176ab 100644
> --- a/policy/modules/admin/portage.te
> +++ b/policy/modules/admin/portage.te
> @@ -119,6 +119,7 @@ optional_policy(`
>  # - setfscreate for merging to live fs
>  # - setexec to run portage fetch
>  allow portage_t self:process { setfscreate setexec };
> +allow portage_t self:capability sys_nice;
>  
>  allow portage_t portage_log_t:file manage_file_perms;
>  logging_log_filetrans(portage_t, portage_log_t, file)
> plain text document attachment (0003-Gentoo-dbus-in-libexec.patch)
> >From 236b309278ae05e7d1cd6d4f678b5d8da52e0a07 Mon Sep 17 00:00:00 2001
> From: root <root at Red.(none)>
> Date: Mon, 17 Aug 2009 17:25:39 +0200
> Subject: [PATCH 3/3] Gentoo dbus in libexec
> 
> ---
>  policy/modules/services/dbus.fc |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/services/dbus.fc b/policy/modules/services/dbus.fc
> index a88652f..31b7e06 100644
> --- a/policy/modules/services/dbus.fc
> +++ b/policy/modules/services/dbus.fc
> @@ -6,6 +6,7 @@
>  
>  /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>  /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>  
>  /var/lib/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
>  
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150



More information about the refpolicy mailing list