[refpolicy] [PATCH 2/2] dbus: read user home content files

Guido Trentalancia guido at trentalancia.com
Mon Oct 9 19:03:48 UTC 2017



On the 9th of October 2017 19:56:00 CEST, Chris PeBenito <pebenito at ieee.org> wrote:
>On 10/06/2017 03:00 PM, Guido Trentalancia via refpolicy wrote:
>> Add permissions required to run Gnome (read user color management
>> files).
>> 
>> Signed-off-by: Guido Trentalancia <guido at trentalancia.com>
>> ---
>>   policy/modules/contrib/dbus.te |    2 ++
>>   1 file changed, 2 insertions(+)
>> 
>> --- a/policy/modules/contrib/dbus.te	2017-09-29 19:01:55.142455647
>+0200
>> +++ b/policy/modules/contrib/dbus.te	2017-10-06 00:04:54.272534259
>+0200
>> @@ -147,6 +147,8 @@ seutil_read_default_contexts(system_dbus
>>   userdom_dontaudit_use_unpriv_user_fds(system_dbusd_t)
>>   userdom_dontaudit_search_user_home_dirs(system_dbusd_t)
>>   
>> +userdom_read_user_home_content_files(system_dbusd_t)
>
>Does this not fit in with any of the XDG types instead?

I don't know, it needs to read a file in the ~/.local/share subdirectory. 

Is there a new specific interface for that? 

>>   ifdef(`init_systemd', `
>>   	# gdm3 causes system_dbusd_t to want this access
>>   	dev_rw_dri(system_dbusd_t)
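
Review bot: the added userdom_read_user_home_content_files(system_dbusd_t) line gives system_dbusd_t read access to all generic user home content files, which is much wider than the user color management files named in the commit message (a file under ~/.local/share, per the reply above). As raised in the thread, an interface scoped to the XDG data type would limit the grant to that location. Whichever interface is used, add a comment above it stating that Gnome color management needs the access, as the gdm3 comment does for dev_rw_dri in the ifdef block that follows.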

Regards, 

Guido 

