[refpolicy] [PATCH 6/6] consolekit: Add support for consolekit2

Jason Zaman jason at perfinion.com
Sun May 7 17:43:43 UTC 2017


setattr chr_files is to setting dev nodes on login
rw sysfs and devicekit for suspend
fifo_files are for inhibit
connect to cgmanager to track sessions with cgroups
---
 consolekit.te | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/consolekit.te b/consolekit.te
index c99a6cb..d51634e 100644
--- a/consolekit.te
+++ b/consolekit.te
@@ -40,6 +40,7 @@ logging_log_filetrans(consolekit_t, consolekit_log_t, file)
 
 manage_dirs_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
 manage_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
+manage_fifo_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
 files_pid_filetrans(consolekit_t, consolekit_var_run_t, { dir file })
 
 kernel_read_system_state(consolekit_t)
@@ -53,7 +54,8 @@ corecmd_exec_bin(consolekit_t)
 corecmd_exec_shell(consolekit_t)
 
 dev_read_urand(consolekit_t)
-dev_read_sysfs(consolekit_t)
+dev_rw_sysfs(consolekit_t)
+dev_setattr_all_chr_files(consolekit_t)
 
 domain_read_all_domains_state(consolekit_t)
 domain_use_interactive_fds(consolekit_t)
@@ -104,6 +106,10 @@ tunable_policy(`use_samba_home_dirs',`
 ')
 
 optional_policy(`
+	cgmanager_stream_connect(consolekit_t)
+')
+
+optional_policy(`
 	dbus_read_lib_files(consolekit_t)
 	dbus_system_domain(consolekit_t, consolekit_exec_t)
 
@@ -125,6 +131,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	devicekit_manage_log_files(consolekit_t)
+')
+
+optional_policy(`
 	hal_ptrace(consolekit_t)
 ')
 
@@ -156,6 +166,7 @@ optional_policy(`
 optional_policy(`
 	udev_domtrans(consolekit_t)
 	udev_read_db(consolekit_t)
+	udev_read_pid_files(consolekit_t)
 	udev_signal(consolekit_t)
 ')
 
-- 
2.10.2



More information about the refpolicy mailing list