[refpolicy] [ patch 1/1] [RETRY] consoletype: needs to use system dbus file descriptors.

[Christopher J. PeBenito]

On 10/06/10 09:21, Dominick Grift wrote:
>
> Signed-off-by: Dominick Grift<domg472 at gmail.com>

Merged.

> :100644 100644 e41f830... 5b0021f... M	policy/modules/admin/consoletype.te
> :100644 100644 39e901a... 0d5711c... M	policy/modules/services/dbus.if
>   policy/modules/admin/consoletype.te |    4 ++++
>   policy/modules/services/dbus.if     |   18 ++++++++++++++++++
>   2 files changed, 22 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
> index e41f830..5b0021f 100644
> --- a/policy/modules/admin/consoletype.te
> +++ b/policy/modules/admin/consoletype.te
> @@ -75,6 +75,10 @@ optional_policy(`
>   ')
>
>   optional_policy(`
> +	dbus_use_system_bus_fds(consoletype_t)
> +')
> +
> +optional_policy(`
>   	files_read_etc_files(consoletype_t)
>   	firstboot_use_fds(consoletype_t)
>   	firstboot_rw_pipes(consoletype_t)
> diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
> index 39e901a..0d5711c 100644
> --- a/policy/modules/services/dbus.if
> +++ b/policy/modules/services/dbus.if
> @@ -445,6 +445,24 @@ interface(`dbus_system_domain',`
>
>   ########################################
>   ##<summary>
> +##	Use and inherit system DBUS file descriptors.
> +##</summary>
> +##<param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +##</param>
> +#
> +interface(`dbus_use_system_bus_fds',`
> +	gen_require(`
> +		type system_dbusd_t;
> +	')
> +
> +	allow $1 system_dbusd_t:fd use;
> +')
> +
> +########################################
> +##<summary>
>   ##	Dontaudit Read, and write system dbus TCP sockets.
>   ##</summary>
>   ##<param name="domain">
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com