[refpolicy] services_consolekit.patch
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 24 08:31:38 CDT 2009
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_consolekit.patch
New file context for consolekit.
Add interface to allow confined apps to read consolekit logs
userdomain and xserver do this.
consolkit execs shell
Dontaudit ptrace all domains
Reads usr_t files
Communicates with lots of domains via dbus
Uses polkit
Needs to read files in nfs and cifs homedirs.
More information about the refpolicy
mailing list