[refpolicy] [ screen patch 1/1] Add screen-locking functionality. Signed-off-by: Dominick Grift <domg472 at gmail.com>
Christopher J. PeBenito
cpebenito at tresys.com
Thu Oct 22 09:05:13 CDT 2009
On Thu, 2009-10-22 at 15:56 +0200, Dominick Grift wrote:
> On Thu, Oct 22, 2009 at 09:53:01AM -0400, Christopher J. PeBenito wrote:
> > On Thu, 2009-10-22 at 11:14 +0200, Dominick Grift wrote:
> > > @@ -146,4 +148,8 @@ template(`screen_role_template',`
> > > fs_list_nfs($1_screen_t)
> > > fs_read_nfs_symlinks($1_screen_t)
> > > ')
> > > +
> > > + optional_policy(`
> > > + dbus_system_bus_client($1_screen_t)
> > > + ')
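Review bot: The optional_policy block added at the end of screen_role_template gives $1_screen_t system bus client access through dbus_system_bus_client($1_screen_t) with no comment saying why screen needs it. Add a comment inside the block stating the purpose of the grant, so that a reader of the template can tell what depends on it and the access can be dropped if that dependency goes away.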
> >
> > Is this an unrelated change?
>
> No it is related:
>
> allow dgrift_screen_t chkpwd_exec_t:file { read execute open execute_no_trans };
> allow dgrift_screen_t self:capability { audit_write dac_override };
> allow dgrift_screen_t self:fifo_file { write read ioctl };
> allow dgrift_screen_t self:netlink_audit_socket { nlmsg_relay write create read };
> allow dgrift_screen_t system_dbusd_t:unix_stream_socket connectto;
> allow dgrift_screen_t system_dbusd_var_run_t:sock_file write;
>
> This is all related to screen-locking
If dbus is required for screen locking, then the other rules should go
in the dbus optional, along with a comment about screen locking.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150