* [refpolicy] [PATCH] Call systemd_write_inherited_logind_inhibit_pipes() where needed
@ 2017-12-11 10:23 Laurent Bigonville
2017-12-12 0:16 ` Chris PeBenito
0 siblings, 1 reply; 2+ messages in thread
From: Laurent Bigonville @ 2017-12-11 10:23 UTC (permalink / raw)
To: refpolicy
From: Laurent Bigonville <bigon@bigon.be>
Multiple domains need to talk to logind to set inhibits
---
dbus.te | 2 +-
devicekit.te | 4 ++++
modemmanager.te | 4 ++++
networkmanager.te | 1 +
virt.te | 4 ++++
5 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/dbus.te b/dbus.te
index 5f2199c..282eba4 100644
--- a/dbus.te
+++ b/dbus.te
@@ -158,8 +158,8 @@ ifdef(`init_systemd', `
optional_policy(`
# for /run/systemd/users/*
systemd_read_logind_pids(system_dbusd_t)
+ systemd_write_inherited_logind_inhibit_pipes(system_dbusd_t)
systemd_write_inherited_logind_sessions_pipes(system_dbusd_t)
- systemd_write_logind_pid_pipes(system_dbusd_t)
')
optional_policy(`
diff --git a/devicekit.te b/devicekit.te
index 1730193..53dff76 100644
--- a/devicekit.te
+++ b/devicekit.te
@@ -344,6 +344,10 @@ optional_policy(`
readahead_domtrans(devicekit_power_t)
')
+optional_policy(`
+ systemd_write_inherited_logind_inhibit_pipes(devicekit_power_t)
+')
+
optional_policy(`
udev_read_db(devicekit_power_t)
udev_manage_pid_files(devicekit_power_t)
diff --git a/modemmanager.te b/modemmanager.te
index 8dcbeea..9e064a4 100644
--- a/modemmanager.te
+++ b/modemmanager.te
@@ -56,3 +56,7 @@ optional_policy(`
udev_read_db(modemmanager_t)
udev_manage_pid_files(modemmanager_t)
')
+
+optional_policy(`
+ systemd_write_inherited_logind_inhibit_pipes(modemmanager_t)
+')
diff --git a/networkmanager.te b/networkmanager.te
index 985f734..eb437e8 100644
--- a/networkmanager.te
+++ b/networkmanager.te
@@ -345,6 +345,7 @@ optional_policy(`
optional_policy(`
systemd_read_logind_sessions_files(NetworkManager_t)
+ systemd_write_inherited_logind_inhibit_pipes(NetworkManager_t)
')
optional_policy(`
diff --git a/virt.te b/virt.te
index 8528761..3bb9b25 100644
--- a/virt.te
+++ b/virt.te
@@ -813,6 +813,10 @@ optional_policy(`
sasl_connect(virtd_t)
')
+optional_policy(`
+ systemd_write_inherited_logind_inhibit_pipes(virtd_t)
+')
+
optional_policy(`
kernel_read_xen_state(virtd_t)
kernel_write_xen_state(virtd_t)
--
2.15.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [refpolicy] [PATCH] Call systemd_write_inherited_logind_inhibit_pipes() where needed
2017-12-11 10:23 [refpolicy] [PATCH] Call systemd_write_inherited_logind_inhibit_pipes() where needed Laurent Bigonville
@ 2017-12-12 0:16 ` Chris PeBenito
0 siblings, 0 replies; 2+ messages in thread
From: Chris PeBenito @ 2017-12-12 0:16 UTC (permalink / raw)
To: refpolicy
On 12/11/2017 05:23 AM, Laurent Bigonville via refpolicy wrote:
> From: Laurent Bigonville <bigon@bigon.be>
>
> Multiple domains need to talk to logind to set inhibits
> ---
> dbus.te | 2 +-
> devicekit.te | 4 ++++
> modemmanager.te | 4 ++++
> networkmanager.te | 1 +
> virt.te | 4 ++++
> 5 files changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/dbus.te b/dbus.te
> index 5f2199c..282eba4 100644
> --- a/dbus.te
> +++ b/dbus.te
> @@ -158,8 +158,8 @@ ifdef(`init_systemd', `
> optional_policy(`
> # for /run/systemd/users/*
> systemd_read_logind_pids(system_dbusd_t)
> + systemd_write_inherited_logind_inhibit_pipes(system_dbusd_t)
> systemd_write_inherited_logind_sessions_pipes(system_dbusd_t)
> - systemd_write_logind_pid_pipes(system_dbusd_t)
> ')
>
> optional_policy(`
> diff --git a/devicekit.te b/devicekit.te
> index 1730193..53dff76 100644
> --- a/devicekit.te
> +++ b/devicekit.te
> @@ -344,6 +344,10 @@ optional_policy(`
> readahead_domtrans(devicekit_power_t)
> ')
>
> +optional_policy(`
> + systemd_write_inherited_logind_inhibit_pipes(devicekit_power_t)
> +')
> +
> optional_policy(`
> udev_read_db(devicekit_power_t)
> udev_manage_pid_files(devicekit_power_t)
> diff --git a/modemmanager.te b/modemmanager.te
> index 8dcbeea..9e064a4 100644
> --- a/modemmanager.te
> +++ b/modemmanager.te
> @@ -56,3 +56,7 @@ optional_policy(`
> udev_read_db(modemmanager_t)
> udev_manage_pid_files(modemmanager_t)
> ')
> +
> +optional_policy(`
> + systemd_write_inherited_logind_inhibit_pipes(modemmanager_t)
> +')
> diff --git a/networkmanager.te b/networkmanager.te
> index 985f734..eb437e8 100644
> --- a/networkmanager.te
> +++ b/networkmanager.te
> @@ -345,6 +345,7 @@ optional_policy(`
>
> optional_policy(`
> systemd_read_logind_sessions_files(NetworkManager_t)
> + systemd_write_inherited_logind_inhibit_pipes(NetworkManager_t)
> ')
>
> optional_policy(`
> diff --git a/virt.te b/virt.te
> index 8528761..3bb9b25 100644
> --- a/virt.te
> +++ b/virt.te
> @@ -813,6 +813,10 @@ optional_policy(`
> sasl_connect(virtd_t)
> ')
>
> +optional_policy(`
> + systemd_write_inherited_logind_inhibit_pipes(virtd_t)
> +')
> +
> optional_policy(`
> kernel_read_xen_state(virtd_t)
> kernel_write_xen_state(virtd_t)
Merged.
--
Chris PeBenito
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-12-12 0:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-11 10:23 [refpolicy] [PATCH] Call systemd_write_inherited_logind_inhibit_pipes() where needed Laurent Bigonville
2017-12-12 0:16 ` Chris PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.