From eae2c639f7d7e071d33d6a113459e9e4e2bada98 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Wed, 9 Nov 2016 13:45:14 +0100 Subject: [PATCH] * Wed Nov 09 2016 Lukas Vrabec - 3.13.1-225 - Allow systemd_logind_t domain to communicate with devicekit_t domain via dbus bz(1393373) --- container-selinux.tgz | Bin 4911 -> 4909 bytes policy-rawhide-base.patch | 5 +++-- selinux-policy.spec | 5 ++++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/container-selinux.tgz b/container-selinux.tgz index 7a78fdfc9244b531df1ecd72c3ef0dfe0bfecec2..84868715106d553ef77ba0271c4fc3dc132333bf 100644 GIT binary patch literal 4909 zcmV+|6VmJ-iwFQC8Y5T$1MOYwkK4Er&)4-|AtVQ6_mJ!(NpryF+M>AYhkht}XzyFE zRb`2`bbWiEFiHh&HP9X$>Gd!sEx~lMQK6m%XIVXNY^!7 z@87?}&ztXlbFF{E_4fMa{o7|Z@NxbA<~P^x-afm&d3*ESyJx}mu_~lr4P{Xs1kbX& zI$D$1N;mcVfAm_tcoBS0n>>%|$KURaqKGEG>&5Rs$s<#TGs< zzrRv!D**AkdZodSvp+tNxM4&?Pm6%<^czW;!@O_mQjMSSbCg=ZZYZKN@!P1jtj=CutX5}nS(7+VLQ0}K-i7P5IRED6 zVs)m93#*7ht?;fL%=Cm^tgwJ1bQDPT$@UV;V@?nGbw(T&oYL6|2g>_zyi85pS-K7q zsD8}KIwf?5q|aQEj^db5j&?Rr#8N0wEgu2jMKzLkvgPFm-`tpJZlRrl#D}k8Me3Xa z<0j1rRRv3G-XjZ-?58GbKA^s&pe+NuNTgdwui_KLjQAAMBCv)@-*gH z&Z~Ab-6r7=(QXQ3YQh{o187XpO6B@jkT*pKBhtD8 zO6hgSBeLA5Y!^g8*f5YVOXGmIzH=Tx-6371>A|W_@30)C{DK`iK$f)#u@(k=bj5j7 z$_>}VLMW)bV=kpRMG4+8<=JMe%3jverZvm&_>-|9>8o70N%#e*2u&jjf4DIw*Ec z(qijXta*wk9p~+y8z+d%+twz*H*etITln{GS^Mm#KmGVbRt|2(RB1AA-2h+MqHq9; z&M=5Mkn!f?ZXYG}-68=fXGe@e8*}~cN6JVZvusx6>BIP0Q>2WGzw0Q0ok&AV6(o8q zMe>?tB^v7>sT9T&e-g+`G0Se%UgMG+BIgXV#NI8`Sbh@9T4FEw zcZ0V4TPRu|5}yqxNLFt77Ac%dy}J+dN6Vs6PFJf5OSBQA0IZLPfHKgNIiEa)ef33M)CQFx)_U)aNni85 zU))|M{4p#rt<(PY(+^z%^eOjT6?^v{(xSqK58s{=x48`!LS4BQ7cHj)o1BB+qJ&g^ z1YIDj#mZU6hA}R!-2J+NS_QIw+%MwOJ%xh7_TWLAe%8TVT9-vW%L+M8cky~2>V8=x zX{txv{@U0Kfd$~C$PF}kVZh$Z4qU{{tP~UnCD?ZVO+7B301}1 zp-LBm7LT;fi79>=Vi@qFlsy1MXCSvSc3S?e7rSh}!Rw#q*2c-SyR95&R0|`oSw--| zs?5^(k&kfYaI}XYh(h!bds0ukhU7Lrue!j^%o&{CbfQnt# zY#n0yKAS&b481vwJoBKzx@?Ms@(F|6Bg^PAvBT5CACPF*RdKJNqTa$W6)azeo1L%< zM#ZB6UalEJ7GQG1f>u9PB{Wx9swtJy{&F)0zSm_&;;6cslzdm+eG?sBrk|h_QTeVU z(HmN|64WV!M70h~-EMRB#+=3+pur}T_Sk`BOcEK?#Sh7tGtnUpAGb(usCL`lh=fla zRT}SYTJ}A;J{xXMTEyPp+_UZcIcnA4lCl}CW?nsVuCc1yu2RQqhbnRPQ&H)wU0cUF74`q{fr!| z4EOn;ch_&fyB?nZd2{{U>HN=^xP)sT=4H}k&xp|N^bQc_>sgJXcTmb zL3ypXj!6iO<>qT8w_OQtUP3X!{f>Ydto4n?h}&5z;K;**Sr+{K!%sm~)~wx~t)v1I z=%|%gQ$%aM4Xuq2cHgUD6J?Y@du*mC6q811>hWa(w3*X#>QgIgiswiq5y{IU6w3MB zP?GD+h~Nrov;H-Nl{el+#g;$Kc`U{R*D|5W=*h9t)wX2ETjx?sBa}?&2y5;jP(?kI zi*R}R@(}k%BGf}PV|p(kI)fm3yEJ#Ozjb-udpaHvZSb&PMQxW@;Bj%8V~)m6-aee# z_*FYy_$hA2Vh{U#$Unwafzm#57uOZ_l)rh?jX_ppAi0mJg3AIiQ+vhdLoO5AsDd&e zJ=_L9A22zlYF>?|E8c2*27U|>d#q064K-kIXb&BJ+VPRrJgWGB8;>gUC^bi;2dKkP zL?3({7_pWyBpnx}1&#Zq^tL5b^tZivZbTTvs}z?$c9$U|vR&BY`Iu!4CO4M*SZxxA z5JFx;mvLwIe8gxFG%P(M@$!2gRv7gw2;;xchb(g!&~71w85L!LSf1gL@X<}{7A4u{ zHjb)jon|R}3_b<%uDmaTk14F18~6rb8%kK31o_9JOaiPd-$3Bs)@jiu^zj>YbPt$p z1CY40Gf^BWTLPX1tNZ&&Pv|wiE0}2J7nF5iI%T_rDbsm z5BKc*o_TA1u-{mii9LI4_~Q3%d#{l)fVPa70|k!uzT?rsLifc#MDYG?kT%sZ3sFh# z$1G!=9Z^_5DrmsOU&Ns49`Gtu&cM8i!93Aj)Vb3{v`t@=_G?aiP=UKyW$|IJS>`$$ zzwco2z??leJTRBWn?2iIm_9u$iD#~wzN5IU$}-EWIkWsI*qC6GMUO{@f3rNk=@`Rt ziqMWA9IpU8G_iWo(O8ZKxgFCv%4zB({5})k6LYrG^TeI4_&jmj!$nI2&(?xdxIUV& z_x7Zj9)#)el7E#KG+?KWR_{A{y)fq*k)FW&4Kokmy@r_!*L0Z9AJQ}o+P3on;WLcK zhe`)y_rBFLU04=lwZq$=WprLfDEmQrV_USy{YQ`{$z+m=*l*;yCT2aYQx}BYm-RlN2BR60%=ZUA`L@`V6V4@_J@+EzO&zgiE z%a?_SC)6dBmC91)d!}pi7WGA+itb33Ip9!Y7$)X>30wGCr*T-6iKPlU3nfJYCEc}b z>1Ge6JU(XEYl8lj8&dRD3-X)^C}|`A@AU6UcNyvSAs^SX$kh& zJjH=LGY3V>GEsz7qI~Gb-5$4vS`c?LM(#U_NrO3;v$-6Fp${(VwXMsha@I>y3dfl~ z=2=>NwA0FL_Q*CHfuvVQTLmdAYh2mt=sx6oWe;E?Cn^1Cq32sXsGkZ-?^71<%yjZh z%TQckuP5cb1zNsWL?s!TsW=fnZ)`2<4qD;R;l<~4YoYEDgQ~}{EKu8=gOtYFVB;IJ z>3Bfm`I1pA>xz)qJ5RXL**A5Chz)N$f8yLW4MkhpUVNNTCiDG+lZ?4q z3AWm-y?I%N{J?JFMawF1>t}QnbgBRtY^dZyP>t<|b|B0ye!sWHJ-NrNxWtt2Zdss;FBXMAc)mb>j`06Jkl=YI*)Z6vh@w#>8Wqh>h0D5 zFC%#?EbhCs0u@wj$_b15-wmNGwwUzD4`7%y5=R^pR+*WpjnU2GY9nwiF0oS6_F#^y069XD+J~-yf0V>cotnLP z6K=n~c8gdTMJ}@xh?>HStR^00z7lBrL7MB1AvGj*bifO&Cah{yZpGQif}j8L<6nZm zLWAx|@H3t^6xI}y!wCS}r=b>Y%S=jzkZ*nx3qjK1M4BeJi_^7Uo zb^})%!onNQ09MB#x}qz{(Rw43N+y}hV^{Xy9!5$s z+0d6(p`wAZm-pASW|hsMwJ{dlvo0{sVm%oI%YjbVor<4T)LmM$=^%k1bGYvOxzEHm zQHB%@({*Xlxn0?c&NUAOwc6zIrB}1I$G``nh3iGIDQk4oB|!Ifmyn7U+MD#MJuKB8 zr|+as7LZQl8BF!S(a zxA9B|KUaq#fw4n9&UpwvkKe`MI;=N(@6UuU-=mz}QRu6SDHW<-V%RB7n?6zX94aTrrny$}{mx#AS0_yz zz>?=)_c(Z@bIv?<)W+2;a9ZHFJ>}Iqt7Bcy)tieZl1ZjtzvOy0nOCw9yfYJIp)y=a zA%_;>&JXcHpUx5SN;+sq#US&-5bkVAU3-Nsk+z?vjtCjS{Px~j^68B)Mf$bhyYN)5 zRx+2HqrKb0{r->Z_c!ot^!I{V#p>ML%D*2} z-*(eT9!{kAhLEd<)>mNkp+9#eaIRX)zyI^O-PG97aVf zSi%wdvnxY-4f1op!Kl4uL88O@DxuD=F2B9_{h2pbtj^w^K-l_>2OJlWt4s=QwlWJ^U6{qoyi@VusfeZ|SoX<&6&!XMec()^snGQb!^ zp4(+EJbBJVLN18-<^aec=APr;IaDR)5k{;+HV@o`$E_KD(cx<^Vwq8_@E0D;3U=`^ zJpev@Xv1oBfch1#W?N4LYYCE>b+h1!%Kd_W)o9i#I01*AFyPT;@Z_I2T1bRaeF@Wo z&IKJs0yI4az*pHrJQq^FsX_WI$fvhbe*o# fb-GU1={jAf>vWy2({;N3pRfM{yc-sD0H6Q>R1cC@ literal 4911 zcmV+~6VU7*iwFSYx*=Eq1MOYwkKDMC_t)vaLa-O`%)*|B$MFK=O@d%IAM)XlMY7*+ z?-aGf?$%nbh}1mJ@c({Qd`Of;QdGCvo;$PvySt^TAITzFtSS~Yaaph^El7QtZeASe zx`yk+hxhn-^TQvm^-s8NuWvrwzPN#p>)YEu+`hkkaeZ@p^TUT1!S%5!q+bnXQ5^&? zvimw(lh{f(_5Anew9@S5O`gKQwvLeM>S~hh|f~cypG>%wW7D22ANZqV8Hp&Eg#Zlq=DlHhPH&IN^|JBweteb+RISHXWj`RA> zzgA~kQiL`6cazpYyE;2#PnFh!mWRDD+$11@kbPX8y}nqj&f>Brah`;fM0LCi*J*M7 z-Oa`7OcfVa5rbOcT|1cR3Ao&q?aMLjH0WPDU7KJb5t#9?7`<`3TXX^O6@q^=unqOmHtnlF+nSp>)%1%6djC6 z>k25P*BwvD@{qD!5CLJsK*B7I1K#@1c>r~Xbdjb9t2({Ma**;XcIW_E)*{4O81T^* z=S?X$ToVhSpz@Bnl;#vAc*8i0D76&DpN-2}6Iom`r#$@sWl&Zq|0w(8OIA0wCL-ye z*fmLutyi(;DWY_ow|j1!ATDoPn*`szgMYX1@BOm&*)M~zOY5% z02G~J5OW~o&Bfh5O6vPX0#MG57=H@w28#85e)oQ35-WhL$Qw z^j3=GHOWde)}l>29t`lU;tXcS8ygCPjXiPoh;yMYR5e2eqD{zs#VAS^AEKb} z(;#0(co*;LP)v}A5NffEkns}kV&@==)mIZXej^2&BWk?HB{@XS8D@#STd1-8B$Tzp zUhwY*ZTYuQv_2$08%~g{-15m`L6!@l1$kHIWH7=wtx0j^2UlMg!Qbv~sZ#HV`-1%vIugEsxFgZs2Di+q+9a-8ns^*q%5 zvPRNWkGlP}u^9pjxcR}>cwekvo_4)-o`TO{b=M$`fTr6b%7pzHeEB%f!-B%NVmA}2 zin&9TE(9$eX`K^O{4&Ha;72KY0Eo^&Ze{GW{97+}*?fc7Kh3R;lWBKbInJmSMqaau z;DuG0rSTIV;mXUGZasM01yegJ7uxfQD8TEbqc>sHu$@f37=>{7!)KPF!s|OHi-1M`P8q|xoeHX_X(b!hU?k@UKff_HZulrN+q9Klc(a(=!x4{!Z^lXW}`s;mJO zyR6wd#PoeOf5I4ga~OH%L4$SK6ba=M2De9+(Pd(Xr-eTt(XOlFUO`2@g<~pMz797# zVHJ#uCj-1(GlVR_7Dy9APW(<6<%Z$WPbu}sZuDbgsI=W0hK_{Z} zT}h%hv}z@&QwE7@9hkb^=IV_(jX6MrO(^ZL1Id^qGN_9mk}+qZLmEDAk=#)2w!IMv zpE{~E-rKb7dvbj?+?=$Cy}!9<+xc_Us=p;=Gg{5OdgNSVRkvNGj@J%bEX0LkcD-G` z`Qa(2d|w0YALUn3#uFbl=zwb>i*LO~W81~l!}?9cB$O_N5h-o=JNXTdX|z~y$XINaRwR% zU1CsPE3RV_LSwo4TFGr!f}596Oz^NHpayGwqcP%kmI^rXuwa%2zy9<~P?a@ncV{c9 zzyvyKCDs(tT5m&Z{n6SB^G#GT;`agag(My6L~`o*c;kIho5$Qq&1H!KH$cq$~;QV(dYr{ zFci@T9|uOPWeiEjMQK6fekr|e2^IZqZ=M?w#_%e|rH|cZ$cStg_H;gG8H34<*fZ&0oaBTmL@^|sVI{GE6X zCffic?(9qy46Cl%BdkdV7E*?LgcD5NcG8xBXTj?JeiD>kXK9`?UJojhk*4d?ZZ}|l zl(zRE_A@4!O`D#);QmcdG!|D2pft${We$5cDBcBYuAyl|D^esb&fy5wn}Tj9A247B zI3u|htHXFqWWqvH$sObM&~#eiP_Xgolf4lqlUO{F4OuPwG+nLu=B?I!dd7_?pa_fo zTigMT^S1VBvM@?a8?*Z~*N!$Yi@e&Z&^}{ZdHz)JrOkEQud!RhjeVQy#F{-xYARmkTe&#u4t+WEAIOUCP#{3Rh_hF*t+uvzf zT*AXW`@U!1S|98;7G`449vi;+ecRq^qzs@fBj!MXqrLBVbgTGhk8e80 zaGWBvBM8SU01r*9UUf8Zg=5UyviiskSj>6iX*f~L(tDUFiKTo=pWw45 z;m7i2A>s*j31y|Sl=+_N+Pp=5(Wjz2l4TA!lo*DI`Ch^ne%5Im7G+|og3dxokw8iJ zEnB+TgK5vQ23s~3Hr^`Ug_wXaO&`m&gB@d)XAz1eF7v#~$YaPmc$$}Q5X_aJk!f0j zJvL8qAkWM}(XvbwA(bc}`f<0%ZJ`##-Heg@PGZtv&gE<_M`7rLi+XMAvZd zJkv517uf4b`Cx&T?-fx=hGr^GgwGpWi@JkWICOaNIo(>Qd&HpXF)RzzHs>Ivu{PNF z#%%gOkt4f?M?KoZJ+?j|4NK($k&sQ)WK4J|kG3JNbBG~tgMOkol@jUwgyO)qMYfWd zEBbWf#5EiUtE=4V;a`ZyqJ?V*g&p9vxzr5|;4-5VBDOH66~jcaJ-PAy*!N-*cx`&} zMB&w|AbX6(kyp%%o3oprL~)2=fI3YG+F;u>!H){}=i#%#pHEco=;OC_Su*|w3^nyt z9@_+4ZPwnrEJJ=^H}Rrn6}a^?Itn^f01P%%av`Y3c0)T5W*5KT+v1+w<5pZ^%J(ZtXEFfATw7jm7)Iu6Df~wEZB>b;pnzk~%uz6;=~gH7d8_Y-GW&fB*UK z!9Sou_ayigPaE=7EqmJFYH$RHrz-Md#JN0f&rb%c1cUmNLT#fz;Uk}y&K~H9x%0A! zf5YF_y=y=(WNWMQ!lO;-jI?e%9uzauwxkuy9~~r05do65(VS2=dzw&E^-oyVIbaMfv@nu;bUo&^F1JKVVK*L+KdqseICU-ptEtjww1gAz4rhk zC7EpKYpYPvK-tUtYg)6)=Fr+03+`DL7-zAb41(oAC+tqe&noIZt=V*tK#)0HcmCXG z;+rT#3Wn*rwCLQfY(?jqhk{yd^7zuLS=(dagV4hDD%g}Yy6F<2d%H_WMGNgsdea`3 zYLCHQ)- z>8wZGy&1q*>KPxY@_b%9P&>-FJEx~!plS+^PXvT@wtk#C60bU&c(ao9Ccki89(^*tBP5ZwnOTF9!YUSjuD#?5ksU3f{WbbMkJ%Z!xupAPH1U+Ed?E z2Ru9;m+4T&Z4n>T_YfzLrOt2GedQ?h)y0$wRWC8@l%`FesCo{SlVj6dtN4Cruf(g9 zCJtc9bFX_GJkmL5o;qsdY8E&xaNM5q>YdfGuIK8_MH9&+)30B0J)6ucSqR>l39?Wb zuB4Ddi*Vd0_~5wxq7T!j?$ePg6&Pj9`9yZ!P)s#+M@f*6&?- zE>|m=%gxc=ZQ*|Z$MuIBcsBa`zwb})|M(i$6>bq;{dOr1HS^c|@OaH5EWKiNZtmpY z5329FX(SIPQhYS4(qFgI={O7{^HMP-dM3ZkIN;|;m9F(5ZvkttQAeN zbHO@ClUJ?}23S|3wBPV#gEy%1eoc@q6-D&R?|;Mdn*Q|_CqJiw)nN&LWdBO@a}vt{ zV+?t2m$~rdITs1JAmY0NAcvTHj(g`&m6%5uu?pEda1S20X81*iuf2$6MzO+QcrYv2 z#mDpj`0$|(tI+}KSGbyOJrS%WNM_c}f+s5X8~#}bQB5D^cVnNWsmV(NcpA;9ca5Bj?yIG+UGf4r|Wc`uG4k8PS@!=U8n1Govzb$ hx=z>WI$fvhbe*o#b-GU1>H7bC{Vx2*6 diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 7a93d33c..e4bcf7d5 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -49142,10 +49142,10 @@ index 0000000..86e3d01 +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..2800431 +index 0000000..373d526 --- /dev/null +++ b/policy/modules/system/systemd.te -@@ -0,0 +1,973 @@ +@@ -0,0 +1,974 @@ +policy_module(systemd, 1.0.0) + +####################################### @@ -49431,6 +49431,7 @@ index 0000000..2800431 +optional_policy(` + devicekit_dbus_chat_power(systemd_logind_t) + devicekit_dbus_chat_disk(systemd_logind_t) ++ devicekit_dbus_chat(systemd_logind_t) +') + +optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 872bf61a..4cd8e749 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 224%{?dist} +Release: 225%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -675,6 +675,9 @@ exit 0 %endif %changelog +* Wed Nov 09 2016 Lukas Vrabec - 3.13.1-225 +- Allow systemd_logind_t domain to communicate with devicekit_t domain via dbus bz(1393373) + * Tue Nov 08 2016 Lukas Vrabec - 3.13.1-224 - Allow watching netflix using Firefox