[refpolicy] [ screen patch 1/1] Add screen-locking functionality. Signed-off-by: Dominick Grift <domg472 at gmail.com>

Dominick Grift domg472 at gmail.com
Thu Oct 22 08:56:36 CDT 2009


On Thu, Oct 22, 2009 at 09:53:01AM -0400, Christopher J. PeBenito wrote:
> On Thu, 2009-10-22 at 11:14 +0200, Dominick Grift wrote:
> > @@ -146,4 +148,8 @@ template(`screen_role_template',`
> >  		fs_list_nfs($1_screen_t)
> >  		fs_read_nfs_symlinks($1_screen_t)
> >  	')
> > +
> > +	optional_policy(`
> > +		dbus_system_bus_client($1_screen_t)
> > +	')
> 
> Is this an unrelated change?

No it is related:

allow dgrift_screen_t chkpwd_exec_t:file { read execute open execute_no_trans };
allow dgrift_screen_t self:capability { audit_write dac_override };
allow dgrift_screen_t self:fifo_file { write read ioctl };
allow dgrift_screen_t self:netlink_audit_socket { nlmsg_relay write create read };
allow dgrift_screen_t system_dbusd_t:unix_stream_socket connectto;
allow dgrift_screen_t system_dbusd_var_run_t:sock_file write;

This is all related to screen-locking
> 
> -- 
> Chris PeBenito
> Tresys Technology, LLC
> (410) 290-1411 x150
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20091022/0705dba1/attachment.bin 


More information about the refpolicy mailing list