[refpolicy] [ screen patch 1/1] Add screen-locking functionality. Signed-off-by: Dominick Grift <domg472 at gmail.com>

Dominick Grift domg472 at gmail.com
Thu Oct 22 04:14:29 CDT 2009


---
:100644 100644 ac70bc0... 7d2f797... M	policy/modules/apps/screen.if
 policy/modules/apps/screen.if |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if
index ac70bc0..7d2f797 100644
--- a/policy/modules/apps/screen.if
+++ b/policy/modules/apps/screen.if
@@ -45,6 +45,7 @@ template(`screen_role_template',`
 
 	allow $1_screen_t self:capability { setuid setgid fsetid };
 	allow $1_screen_t self:process signal_perms;
+	allow $1_screen_t self:fifo_file rw_fifo_file_perms;
 	allow $1_screen_t self:tcp_socket create_stream_socket_perms;
 	allow $1_screen_t self:udp_socket create_socket_perms;
 	# Internal screen networking
@@ -117,6 +118,7 @@ template(`screen_role_template',`
 	fs_search_auto_mountpoints($1_screen_t)
 	fs_getattr_xattr_fs($1_screen_t)
 
+	auth_domtrans_chk_passwd($1_screen_t)
 	auth_use_nsswitch($1_screen_t)
 	auth_dontaudit_read_shadow($1_screen_t)
 	auth_dontaudit_exec_utempter($1_screen_t)
@@ -146,4 +148,8 @@ template(`screen_role_template',`
 		fs_list_nfs($1_screen_t)
 		fs_read_nfs_symlinks($1_screen_t)
 	')
+
+	optional_policy(`
+		dbus_system_bus_client($1_screen_t)
+	')
 ')
-- 
1.6.5.rc2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20091022/b77a5084/attachment.bin 


More information about the refpolicy mailing list