Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
selinux-policy.817
suse_modifications_dbus.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File suse_modifications_dbus.patch of Package selinux-policy.817
Index: serefpolicy-contrib-20140730/dbus.te =================================================================== --- serefpolicy-contrib-20140730.orig/dbus.te 2015-07-21 16:39:25.588407411 +0200 +++ serefpolicy-contrib-20140730/dbus.te 2015-07-21 16:41:17.738197485 +0200 @@ -55,7 +55,7 @@ ifdef(`enable_mls',` # dac_override: /var/run/dbus is owned by messagebus on Debian # cjp: dac_override should probably go in a distro_debian allow system_dbusd_t self:capability2 block_suspend; -allow system_dbusd_t self:capability { sys_resource dac_override setgid setpcap setuid }; +allow system_dbusd_t self:capability { sys_resource dac_override setgid setpcap setuid ipc_lock}; dontaudit system_dbusd_t self:capability sys_tty_config; allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap setrlimit }; allow system_dbusd_t self:fifo_file rw_fifo_file_perms; @@ -87,6 +87,7 @@ kernel_read_kernel_sysctls(system_dbusd_ kernel_stream_connect(system_dbusd_t) dev_read_urand(system_dbusd_t) +dev_read_rand(system_dbusd_t) dev_read_sysfs(system_dbusd_t) dev_rw_inherited_input_dev(system_dbusd_t) @@ -154,6 +155,8 @@ userdom_dontaudit_search_user_home_dirs( userdom_home_reader(system_dbusd_t) +allow system_dbusd_t var_run_t:sock_file write; + optional_policy(` bind_domtrans(system_dbusd_t) ') Index: serefpolicy-contrib-20140730/dbus.if =================================================================== --- serefpolicy-contrib-20140730.orig/dbus.if 2015-07-21 16:39:25.588407411 +0200 +++ serefpolicy-contrib-20140730/dbus.if 2015-07-21 16:39:28.964461299 +0200 @@ -111,6 +111,26 @@ template(`dbus_role_template',` logging_send_syslog_msg($1_dbusd_t) + ifdef(`distro_suse',` + gen_require(` + type config_home_t, xdm_var_run_t; + ') + allow $1_dbusd_t self:unix_stream_socket connectto; + + # is this firefox mislabeled? + #allow $1_dbusd_t lib_t:file execute_no_trans; + allow $1_dbusd_t config_home_t:file { rename unlink create read write getattr }; + allow $1_dbusd_t xdm_var_run_t:file { getattr open read }; + + allow $1_dbusd_t $1_t:dbus send_msg; + + auth_login_pgm_domain($1_dbusd_t) + xserver_non_drawing_client($1_dbusd_t) + gnome_manage_home_config_dirs($1_dbusd_t) + gnome_delete_home_config_dirs($1_dbusd_t) + corenet_tcp_connect_xserver_port($1_dbusd_t) + ') + optional_policy(` mozilla_domtrans_spec($1_dbusd_t, $1_t) ')
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor