Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp825352pxb; Wed, 16 Feb 2022 05:21:29 -0800 (PST) X-Google-Smtp-Source: ABdhPJwYkmihhqePhwfTO+N6Ivknpwj4/6UPYkm+WszIEr/z98vtCCgXrw78Ia9//ztj1VdNMv08 X-Received: by 2002:a17:907:35cf:b0:6cc:e088:9380 with SMTP id ap15-20020a17090735cf00b006cce0889380mr2295177ejc.599.1645017689136; Wed, 16 Feb 2022 05:21:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645017689; cv=none; d=google.com; s=arc-20160816; b=zeoHgr1Bc1hJLnHJB3h3026Zi9e71C/e71o1Ud9kwpa9mYEvFl0ycEXcx2CyL1Pt0u tPRaeVLtTl8lQdkUMqY62X78ROEg0dfg5EuSqMq6xgr+hunMbw3dzgjwiE8220MggMt9 v05a+NQXSDFpPWg+Mbbzx2rnO6SpzsjaLJNi7MSBr/U7C8oy1bANUHpKQxtTLvE6Eimc Yjav/yPpZldyFW/1o73nx721TaiQSOmpS+yA5ylE3CuYVIgYViJ1xpUmzSajk84yXuej fe2frBfnwj9YlkMZnqulAXpvSUhZnMUhlpi/N1nSgvh6XNyr6OodkXFrWHdIItmDr7hd gATQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-disposition:mime-version:message-id :subject:to:from:date:dkim-signature; bh=Q2NyIqqllPrtPm5grpHjpWEp62wtUewvqUI4dOyJoOo=; b=RQMHAFqHSErJxabMhqr6Yj0Y/vo4xGQjBp/mc8jhL2teUMysDFC8QLgS++NNKun4N5 Of+1mzZolBVe5JlUoj+3jKQWfpypV6NIPIZrAVlPp3Ea44E3cIKttBqUpNn0y8fnrXnC EQtqK3dgZ9WHJZMBD11QNh9keQKYhYnau3WwTt9BArACoGVPRNWcEdml5t3xTQdZk7w+ Ter/j1uS+yuEMOgIdiW/jqEsck/rM2W0QKdssvfXD3kQSMvD9DN0vwkIGu2JylcDow84 v0TagK3x+S9D31J2SydWCaQRMSsaRcMhgyzg/dRBkhPh06gNi8ynsonIFii0WQA4egQB rnaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@coker.com.au header.s=2008 header.b=bGp55ylk; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 5si23491176ejh.208.2022.02.16.05.21.23; Wed, 16 Feb 2022 05:21:29 -0800 (PST) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@coker.com.au header.s=2008 header.b=bGp55ylk; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232803AbiBPNLh (ORCPT + 22 others); Wed, 16 Feb 2022 08:11:37 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:39354 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232267AbiBPNLh (ORCPT ); Wed, 16 Feb 2022 08:11:37 -0500 Received: from smtp.sws.net.au (smtp.sws.net.au [IPv6:2a01:4f8:201:1e6::dada:cafe]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C6DF62A64EE for ; Wed, 16 Feb 2022 05:11:22 -0800 (PST) Received: from xev.coker.com.au (localhost [127.0.0.1]) by smtp.sws.net.au (Postfix) with ESMTP id 55457EDF9 for ; Thu, 17 Feb 2022 00:11:20 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1645017080; bh=Q2NyIqqllPrtPm5grpHjpWEp62wtUewvqUI4dOyJoOo=; l=1878; h=Date:From:To:Subject:From; b=bGp55ylkrNhH5kQK8qYSnj/2CSorLcDKu8Sdg3MCxHebNJ4cJmWW0StX0ccwkn0+0 LkJMk2QNsiIZ9hNoeXgxCBU6HgRAb/Lx7HWYwEMV/+DQQ8mZGXqsqycFyebtrU8gP7 egW1RbMaaTDs8In8cJR08iaPfkiRnKH/o0pea+B4= Received: by xev.coker.com.au (Postfix, from userid 1001) id D80B21730F48; Thu, 17 Feb 2022 00:11:15 +1100 (AEDT) Date: Thu, 17 Feb 2022 00:11:15 +1100 From: Russell Coker To: selinux-refpolicy@vger.kernel.org Subject: [PATCH] init dbus patch for GetDynamicUsers Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org Small patches for dbus access to talk to init for getting dynamic users with systemd. The daemons do such checks from library code. Signed-off-by: Russell Coker Index: refpolicy-2.20220216/policy/modules/services/dictd.te =================================================================== --- refpolicy-2.20220216.orig/policy/modules/services/dictd.te +++ refpolicy-2.20220216/policy/modules/services/dictd.te @@ -79,3 +79,6 @@ optional_policy(` seutil_sigchld_newrole(dictd_t) ') +ifdef(`init_systemd',` + init_dbus_chat(dictd_t) +') Index: refpolicy-2.20220216/policy/modules/services/postfix.te =================================================================== --- refpolicy-2.20220216.orig/policy/modules/services/postfix.te +++ refpolicy-2.20220216/policy/modules/services/postfix.te @@ -376,9 +376,6 @@ manage_lnk_files_pattern(postfix_bounce_ optional_policy(` init_dbus_chat(postfix_bounce_t) -') - -optional_policy(` dbus_system_bus_client(postfix_bounce_t) ') @@ -754,6 +751,11 @@ optional_policy(` unconfined_run_to(postfix_showq_t, postfix_showq_exec_t) ') +ifdef(`init_systemd',` + init_dbus_chat(postfix_showq_t) + dbus_system_bus_client(postfix_showq_t) +') + ######################################## # # Smtp delivery local policy @@ -778,6 +780,12 @@ optional_policy(` ') optional_policy(` + dbus_send_system_bus(postfix_smtp_t) + dbus_system_bus_client(postfix_smtp_t) + init_dbus_chat(postfix_smtp_t) +') + +optional_policy(` dovecot_stream_connect(postfix_smtp_t) ') @@ -815,9 +823,8 @@ optional_policy(` ') optional_policy(` - dbus_send_system_bus(postfix_smtp_t) - dbus_system_bus_client(postfix_smtp_t) - init_dbus_chat(postfix_smtp_t) + dbus_system_bus_client(postfix_smtpd_t) + init_dbus_chat(postfix_smtpd_t) ') optional_policy(`