Debian policykit fixes from Martin Orr.
The policykit binaries on Debian live in /usr/lib/policykit so add file contexts for that. Also a couple of policykit rules.
This commit is contained in:
parent
b2648249d9
commit
909922027b
@ -1,3 +1,4 @@
|
|||||||
|
- Debian policykit fixes from Martin Orr.
|
||||||
- Fix unconfined_r use of unconfined_java_t.
|
- Fix unconfined_r use of unconfined_java_t.
|
||||||
- Add missing x_device rules for XI2 functions, from Eamon Walsh.
|
- Add missing x_device rules for XI2 functions, from Eamon Walsh.
|
||||||
- Add missing rules to make unconfined_cronjob_t a valid cron job domain.
|
- Add missing rules to make unconfined_cronjob_t a valid cron job domain.
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
|
/usr/lib/policykit/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
|
||||||
|
/usr/lib/policykit/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
|
||||||
|
/usr/lib/policykit/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
|
||||||
|
/usr/lib/policykit/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0)
|
||||||
|
|
||||||
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
|
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
|
||||||
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
|
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
|
||||||
/usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
|
/usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(policykit, 1.0.0)
|
policy_module(policykit, 1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -92,6 +92,8 @@ manage_dirs_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
|
|||||||
manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
|
manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
|
||||||
files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir })
|
files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir })
|
||||||
|
|
||||||
|
kernel_read_system_state(policykit_auth_t)
|
||||||
|
|
||||||
files_read_etc_files(policykit_auth_t)
|
files_read_etc_files(policykit_auth_t)
|
||||||
files_read_usr_files(policykit_auth_t)
|
files_read_usr_files(policykit_auth_t)
|
||||||
|
|
||||||
@ -104,6 +106,7 @@ miscfiles_read_localization(policykit_auth_t)
|
|||||||
userdom_dontaudit_read_user_home_content_files(policykit_auth_t)
|
userdom_dontaudit_read_user_home_content_files(policykit_auth_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
dbus_system_bus_client(policykit_auth_t)
|
||||||
dbus_session_bus_client(policykit_auth_t)
|
dbus_session_bus_client(policykit_auth_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
Loading…
Reference in New Issue
Block a user