Allow sudo domains to manage /var/db/sudo
Allow init_t and initrc_t to dbus chat
Allow pulseaudio to read /usr/share/alsa/alsa.conf
parent
a75a591e52
commit
b36c20b2a9
@ -1,2 +1,4 @@
|
||||
|
||||
/usr/bin/sudo(edit)? -- gen_context(system_u:object_r:sudo_exec_t,s0)
|
||||
|
||||
/var/db/sudo(/.*)? gen_context(system_u:object_r:sudo_db_t,s0)
|
||||
|
@ -32,6 +32,7 @@ template(`sudo_role_template',`
|
||||
|
||||
gen_require(`
|
||||
type sudo_exec_t;
|
||||
type sudo_db_t;
|
||||
attribute sudodomain;
|
||||
')
|
||||
|
||||
@ -47,6 +48,8 @@ template(`sudo_role_template',`
|
||||
ubac_constrained($1_sudo_t)
|
||||
role $2 types $1_sudo_t;
|
||||
|
||||
manage_files_pattern($1_sudo_t, sudo_db_t, sudo_db_t)
|
||||
|
||||
##############################
|
||||
#
|
||||
# Local Policy
|
||||
@ -113,6 +116,7 @@ template(`sudo_role_template',`
|
||||
|
||||
term_relabel_all_ttys($1_sudo_t)
|
||||
term_relabel_all_ptys($1_sudo_t)
|
||||
term_getattr_pty_fs($1_sudo_t)
|
||||
|
||||
auth_run_chk_passwd($1_sudo_t, $2)
|
||||
# sudo stores a token in the pam_pid directory
|
||||
|
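Review bot: `manage_files_pattern($1_sudo_t, sudo_db_t, sudo_db_t)` in the second hunk of this section covers regular files only, so if sudo creates per-user subdirectories under /var/db/sudo (the `(/.*)?` file-context entry suggests nested content) those creations would still be denied. Consider adding `manage_dirs_pattern($1_sudo_t, sudo_db_t, sudo_db_t)` next to it. sudo_db_t is also a single type shared by every role's `$1_sudo_t`, so each derived sudo domain can modify records written by the others; that matters if these files are the timestamp records that let a user skip re-authentication. A comment such as `# sudo timestamp records; keep write access limited to sudo domains` would document the intent. The body of sudo_role_template begins and ends outside the visible hunks.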
@ -7,3 +7,7 @@ attribute sudodomain;
|
||||
|
||||
type sudo_exec_t;
|
||||
application_executable_file(sudo_exec_t)
|
||||
|
||||
type sudo_db_t;
|
||||
files_type(sudo_db_t)
|
||||
|
||||
|
@ -95,6 +95,10 @@ logging_send_syslog_msg(pulseaudio_t)
|
||||
|
||||
miscfiles_read_localization(pulseaudio_t)
|
||||
|
||||
optional_policy(`
|
||||
alsa_read_rw_config(pulseaudio_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
bluetooth_stream_connect(pulseaudio_t)
|
||||
')
|
||||
|
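Review bot: `alsa_read_rw_config(pulseaudio_t)` grants read on whatever the alsa module labels as its writable configuration type, which is presumably wider than the single file /usr/share/alsa/alsa.conf named in the commit message. The new optional_policy block carries no comment explaining the grant; a line such as `# pulseaudio reads /usr/share/alsa/alsa.conf` above the call would record the reason for a later least-privilege audit. It is worth confirming against the alsa file contexts that this type does not also label per-user or state files that pulseaudio_t has no need to read.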
@ -782,6 +782,8 @@ optional_policy(`
|
||||
dbus_read_config(initrc_t)
|
||||
dbus_manage_lib_files(initrc_t)
|
||||
|
||||
init_dbus_chat(initrc_t)
|
||||
|
||||
optional_policy(`
|
||||
consolekit_dbus_chat(initrc_t)
|
||||
')
|
||||
|
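Review bot: `init_dbus_chat(initrc_t)` applies to every script that runs as initrc_t, and nothing in the hunk records which service needs to exchange D-Bus messages with init. A comment such as `# init scripts exchange D-Bus messages with init` above the call would make the grant auditable. If this file is the init module's own policy, which the hunk does not show, it may also be clearer to write the rules directly, e.g. `allow initrc_t init_t:dbus send_msg;` and its reverse, than to call the module's own interface. The enclosing optional_policy block starts outside the hunk.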