All of lore.kernel.org
 help / color / mirror / Atom feed
* [refpolicy] [PATCH] Changes to the userdomain policy module
@ 2012-10-08 17:44 Dominick Grift
  2012-10-09 15:22 ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Dominick Grift @ 2012-10-08 17:44 UTC (permalink / raw)
  To: refpolicy


Remove evolution and evolution alarm dbus chat from common user template
since callers of the evolution role are now allowed to dbus chat to
evolution and evolution alarm.

Common users need to be able to dbus chat with policykit and consolekit

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index e720dcd..5f6c1cf 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -597,8 +597,7 @@
 		')
 
 		optional_policy(`
-			evolution_dbus_chat($1_t)
-			evolution_alarm_dbus_chat($1_t)
+			consolekit_dbus_chat($1_t)
 		')
 
 		optional_policy(`
@@ -612,6 +611,10 @@
 		optional_policy(`
 			networkmanager_dbus_chat($1_t)
 		')
+
+		optional_policy(`
+			policykit_dbus_chat($1_t)
+		')
 	')
 
 	optional_policy(`

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [refpolicy] [PATCH] Changes to the userdomain policy module
  2012-10-08 17:44 [refpolicy] [PATCH] Changes to the userdomain policy module Dominick Grift
@ 2012-10-09 15:22 ` Christopher J. PeBenito
  0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2012-10-09 15:22 UTC (permalink / raw)
  To: refpolicy

On 10/08/12 13:44, Dominick Grift wrote:
> 
> Remove evolution and evolution alarm dbus chat from common user template
> since callers of the evolution role are now allowed to dbus chat to
> evolution and evolution alarm.
> 
> Common users need to be able to dbus chat with policykit and consolekit
> 
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index e720dcd..5f6c1cf 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -597,8 +597,7 @@
>  		')
>  
>  		optional_policy(`
> -			evolution_dbus_chat($1_t)
> -			evolution_alarm_dbus_chat($1_t)
> +			consolekit_dbus_chat($1_t)
>  		')
>  
>  		optional_policy(`
> @@ -612,6 +611,10 @@
>  		optional_policy(`
>  			networkmanager_dbus_chat($1_t)
>  		')
> +
> +		optional_policy(`
> +			policykit_dbus_chat($1_t)
> +		')
>  	')
>  
>  	optional_policy(`

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [refpolicy] [PATCH] Changes to the userdomain policy module
  2012-12-17 20:07 Dominick Grift
@ 2013-01-03 15:54 ` Christopher J. PeBenito
  0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2013-01-03 15:54 UTC (permalink / raw)
  To: refpolicy

On 12/17/12 15:07, Dominick Grift wrote:
> 
> Make sure various virt user home content gets created with a type
> transition and proper file contexts for common users
> 
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index 6d4424b..3c5dba7 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -712,6 +712,14 @@
>  	optional_policy(`
>  		usernetctl_run($1_t, $1_r)
>  	')
> +
> +	optional_policy(`
> +		virt_home_filetrans_virt_home($1_t, dir, ".libvirt")
> +		virt_home_filetrans_virt_home($1_t, dir, ".virtinst")
> +		virt_home_filetrans_virt_content($1_t, dir, "isos")
> +		virt_home_filetrans_svirt_home($1_t, dir, "qemu")
> +		virt_home_filetrans_virt_home($1_t, dir, "VirtualMachines")	
> +	')

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [refpolicy] [PATCH] Changes to the userdomain policy module
@ 2012-12-17 20:07 Dominick Grift
  2013-01-03 15:54 ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Dominick Grift @ 2012-12-17 20:07 UTC (permalink / raw)
  To: refpolicy


Make sure various virt user home content gets created with a type
transition and proper file contexts for common users

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 6d4424b..3c5dba7 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -712,6 +712,14 @@
 	optional_policy(`
 		usernetctl_run($1_t, $1_r)
 	')
+
+	optional_policy(`
+		virt_home_filetrans_virt_home($1_t, dir, ".libvirt")
+		virt_home_filetrans_virt_home($1_t, dir, ".virtinst")
+		virt_home_filetrans_virt_content($1_t, dir, "isos")
+		virt_home_filetrans_svirt_home($1_t, dir, "qemu")
+		virt_home_filetrans_virt_home($1_t, dir, "VirtualMachines")	
+	')
 ')
 
 #######################################

^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-01-03 15:54 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-10-08 17:44 [refpolicy] [PATCH] Changes to the userdomain policy module Dominick Grift
2012-10-09 15:22 ` Christopher J. PeBenito
2012-12-17 20:07 Dominick Grift
2013-01-03 15:54 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.