add rtkit from dan.
This commit is contained in:
Chris PeBenito
parent
1d3b9e384c
commit
ed70158a39
|
|
@ -15,6 +15,7 @@
|
||||||
kdump (Dan Walsh)
|
kdump (Dan Walsh)
|
||||||
modemmanager(Dan Walsh)
|
modemmanager(Dan Walsh)
|
||||||
nslcd (Dan Walsh)
|
nslcd (Dan Walsh)
|
||||||
|
rtkit (Dan Walsh)
|
||||||
shorewall (Dan Walsh)
|
shorewall (Dan Walsh)
|
||||||
xscreensaver (Corentin Labbe)
|
xscreensaver (Corentin Labbe)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/libexec/rtkit-daemon -- gen_context(system_u:object_r:rtkit_daemon_exec_t,s0)
|
||||||
|
|
@ -0,0 +1,40 @@
|
||||||
|
## <summary>Realtime scheduling for user processes.</summary>
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute a domain transition to run rtkit_daemon.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed to transition.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`rtkit_daemon_domtrans',`
|
||||||
|
gen_require(`
|
||||||
|
type rtkit_daemon_t, rtkit_daemon_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
domtrans_pattern($1, rtkit_daemon_exec_t, rtkit_daemon_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Send and receive messages from
|
||||||
|
## rtkit_daemon over dbus.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`rtkit_daemon_dbus_chat',`
|
||||||
|
gen_require(`
|
||||||
|
type rtkit_daemon_t;
|
||||||
|
class dbus send_msg;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 rtkit_daemon_t:dbus send_msg;
|
||||||
|
allow rtkit_daemon_t $1:dbus send_msg;
|
||||||
|
')
|
||||||
|
|
@ -0,0 +1,35 @@
|
||||||
|
|
||||||
|
policy_module(rtkit, 1.0.0)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Declarations
|
||||||
|
#
|
||||||
|
|
||||||
|
type rtkit_daemon_t;
|
||||||
|
type rtkit_daemon_exec_t;
|
||||||
|
dbus_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# rtkit_daemon local policy
|
||||||
|
#
|
||||||
|
|
||||||
|
allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
|
||||||
|
allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
|
||||||
|
|
||||||
|
kernel_read_system_state(rtkit_daemon_t)
|
||||||
|
|
||||||
|
domain_read_all_domains_state(rtkit_daemon_t)
|
||||||
|
|
||||||
|
fs_rw_anon_inodefs_files(rtkit_daemon_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(rtkit_daemon_t)
|
||||||
|
|
||||||
|
logging_send_syslog_msg(rtkit_daemon_t)
|
||||||
|
|
||||||
|
miscfiles_read_localization(locale_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
policykit_dbus_chat(rtkit_daemon_t)
|
||||||
|
')
|
||||||
Loading…
Reference in New Issue