2005-04-29 17:45:15 +00:00
|
|
|
#DESC dbus-daemon-1 server for dbus desktop bus protocol
|
|
|
|
|
#
|
|
|
|
|
# Author: Russell Coker <russell@coker.com.au>
|
|
|
|
|
|
|
|
|
|
dbusd_domain(system)
|
|
|
|
|
|
|
|
|
|
allow system_dbusd_t system_dbusd_var_run_t:sock_file create_file_perms;
|
|
|
|
|
|
|
|
|
|
ifdef(`pamconsole.te', `
|
|
|
|
|
r_dir_file(system_dbusd_t, pam_var_console_t)
|
|
|
|
|
')
|
|
|
|
|
|
|
|
|
|
# dac_override: /var/run/dbus is owned by messagebus on Debian
|
|
|
|
|
allow system_dbusd_t self:capability { dac_override setgid setuid };
|
2005-10-13 20:59:36 +00:00
|
|
|
nsswitch_domain(system_dbusd_t)
|
2005-04-29 17:45:15 +00:00
|
|
|
|
|
|
|
|
# I expect we need more than this
|
|
|
|
|
|
|
|
|
|
allow initrc_t system_dbusd_t:dbus { send_msg acquire_svc };
|
2005-09-19 21:17:45 +00:00
|
|
|
allow initrc_t system_dbusd_t:unix_stream_socket connectto;
|
|
|
|
|
allow initrc_t system_dbusd_var_run_t:sock_file write;
|
2005-04-29 17:45:15 +00:00
|
|
|
|
2005-09-19 21:17:45 +00:00
|
|
|
can_exec(system_dbusd_t, sbin_t)
|
|
|
|
|
allow system_dbusd_t self:fifo_file { read write };
|
|
|
|
|
allow system_dbusd_t self:unix_stream_socket connectto;
|
2005-10-13 20:59:36 +00:00
|
|
|
allow system_dbusd_t self:unix_stream_socket connectto;
|
|
|
|
|
allow system_dbusd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
|
