Debian policykit fixes from Martin Orr.

The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that.  Also a couple of policykit rules.
This commit is contained in:
Chris PeBenito 2009-08-18 09:48:28 -04:00
parent b2648249d9
commit 909922027b
3 changed files with 10 additions and 1 deletions

View File

@ -1,3 +1,4 @@
- Debian policykit fixes from Martin Orr.
- Fix unconfined_r use of unconfined_java_t. - Fix unconfined_r use of unconfined_java_t.
- Add missing x_device rules for XI2 functions, from Eamon Walsh. - Add missing x_device rules for XI2 functions, from Eamon Walsh.
- Add missing rules to make unconfined_cronjob_t a valid cron job domain. - Add missing rules to make unconfined_cronjob_t a valid cron job domain.

View File

@ -1,3 +1,8 @@
/usr/lib/policykit/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
/usr/lib/policykit/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
/usr/lib/policykit/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
/usr/lib/policykit/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0)
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0) /usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0) /usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
/usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0) /usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)

View File

@ -1,5 +1,5 @@
policy_module(policykit, 1.0.0) policy_module(policykit, 1.0.1)
######################################## ########################################
# #
@ -92,6 +92,8 @@ manage_dirs_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t) manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir }) files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir })
kernel_read_system_state(policykit_auth_t)
files_read_etc_files(policykit_auth_t) files_read_etc_files(policykit_auth_t)
files_read_usr_files(policykit_auth_t) files_read_usr_files(policykit_auth_t)
@ -104,6 +106,7 @@ miscfiles_read_localization(policykit_auth_t)
userdom_dontaudit_read_user_home_content_files(policykit_auth_t) userdom_dontaudit_read_user_home_content_files(policykit_auth_t)
optional_policy(` optional_policy(`
dbus_system_bus_client(policykit_auth_t)
dbus_session_bus_client(policykit_auth_t) dbus_session_bus_client(policykit_auth_t)
optional_policy(` optional_policy(`