Debian policykit fixes from Martin Orr.
The policykit binaries on Debian live in /usr/lib/policykit so add file contexts for that. Also a couple of policykit rules.
This commit is contained in:
parent
b2648249d9
commit
909922027b
@ -1,3 +1,4 @@
|
||||
- Debian policykit fixes from Martin Orr.
|
||||
- Fix unconfined_r use of unconfined_java_t.
|
||||
- Add missing x_device rules for XI2 functions, from Eamon Walsh.
|
||||
- Add missing rules to make unconfined_cronjob_t a valid cron job domain.
|
||||
|
@ -1,3 +1,8 @@
|
||||
/usr/lib/policykit/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
|
||||
/usr/lib/policykit/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
|
||||
/usr/lib/policykit/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
|
||||
/usr/lib/policykit/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0)
|
||||
|
||||
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
|
||||
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
|
||||
/usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(policykit, 1.0.0)
|
||||
policy_module(policykit, 1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -92,6 +92,8 @@ manage_dirs_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
|
||||
manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
|
||||
files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir })
|
||||
|
||||
kernel_read_system_state(policykit_auth_t)
|
||||
|
||||
files_read_etc_files(policykit_auth_t)
|
||||
files_read_usr_files(policykit_auth_t)
|
||||
|
||||
@ -104,6 +106,7 @@ miscfiles_read_localization(policykit_auth_t)
|
||||
userdom_dontaudit_read_user_home_content_files(policykit_auth_t)
|
||||
|
||||
optional_policy(`
|
||||
dbus_system_bus_client(policykit_auth_t)
|
||||
dbus_session_bus_client(policykit_auth_t)
|
||||
|
||||
optional_policy(`
|
||||
|
Loading…
Reference in New Issue
Block a user