diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index c14c291d..1dd75a90 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -23432,7 +23432,7 @@ index 62d22cb..01f6380 100644 + ') diff --git a/dbus.te b/dbus.te -index c9998c8..b3f7ab2 100644 +index c9998c8..b697f66 100644 --- a/dbus.te +++ b/dbus.te @@ -4,17 +4,15 @@ gen_require(` @@ -23559,7 +23559,7 @@ index c9998c8..b3f7ab2 100644 mls_fd_use_all_levels(system_dbusd_t) mls_rangetrans_target(system_dbusd_t) mls_file_read_all_levels(system_dbusd_t) -@@ -123,66 +124,174 @@ term_dontaudit_use_console(system_dbusd_t) +@@ -123,66 +124,175 @@ term_dontaudit_use_console(system_dbusd_t) auth_use_nsswitch(system_dbusd_t) auth_read_pam_console_data(system_dbusd_t) @@ -23743,12 +23743,13 @@ index c9998c8..b3f7ab2 100644 manage_files_pattern(session_bus_type, session_dbusd_tmp_t, session_dbusd_tmp_t) -files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { dir file }) +files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { file dir }) ++userdom_user_tmp_filetrans(session_bus_type, sessions_dbusd_tmp_t, { file dir }) -kernel_read_system_state(session_bus_type) kernel_read_kernel_sysctls(session_bus_type) corecmd_list_bin(session_bus_type) -@@ -191,23 +300,18 @@ corecmd_read_bin_files(session_bus_type) +@@ -191,23 +301,18 @@ corecmd_read_bin_files(session_bus_type) corecmd_read_bin_pipes(session_bus_type) corecmd_read_bin_sockets(session_bus_type) @@ -23773,7 +23774,7 @@ index c9998c8..b3f7ab2 100644 files_dontaudit_search_var(session_bus_type) fs_getattr_romfs(session_bus_type) -@@ -215,7 +319,6 @@ fs_getattr_xattr_fs(session_bus_type) +@@ -215,7 +320,6 @@ fs_getattr_xattr_fs(session_bus_type) fs_list_inotifyfs(session_bus_type) fs_dontaudit_list_nfs(session_bus_type) @@ -23781,7 +23782,7 @@ index c9998c8..b3f7ab2 100644 selinux_validate_context(session_bus_type) selinux_compute_access_vector(session_bus_type) selinux_compute_create_context(session_bus_type) -@@ -225,18 +328,36 @@ selinux_compute_user_contexts(session_bus_type) +@@ -225,18 +329,36 @@ selinux_compute_user_contexts(session_bus_type) auth_read_pam_console_data(session_bus_type) logging_send_audit_msgs(session_bus_type) @@ -23823,7 +23824,7 @@ index c9998c8..b3f7ab2 100644 ') ######################################## -@@ -244,5 +365,9 @@ optional_policy(` +@@ -244,5 +366,9 @@ optional_policy(` # Unconfined access to this module #