This seems needed but i have not figured out completely why.
I know some atlleast that some gnome wants it but i am not sure as to whether text login users need it.
I do not see a big problem with allowing this myself though.
In some cases regular users can be allowed to edit cgroupfs files, and in that case they will need
this access as well.
Signed-off-by: Dominick Grift <[email protected]>
---
:100644 100644 990063c... 97af220... M policy/modules/system/userdomain.if
policy/modules/system/userdomain.if | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 990063c..97af220 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -753,6 +753,7 @@ template(`userdom_login_user_template', `
fs_getattr_all_fs($1_t)
fs_getattr_all_dirs($1_t)
fs_search_auto_mountpoints($1_t)
+ fs_list_cgroupfs_dirs($1_t)
fs_list_inotifyfs($1_t)
fs_rw_anon_inodefs_files($1_t)
@@ -779,6 +780,10 @@ template(`userdom_login_user_template', `
seutil_read_config($1_t)
optional_policy(`
+ cgroup_list_cgroup_dirs($1_t)
+ ')
+
+ optional_policy(`
cups_read_config($1_t)
cups_stream_connect($1_t)
cups_stream_connect_ptal($1_t)
--
1.7.0.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100428/bd06de6a/attachment.bin