LinuxLists.cc - [refpolicy] [PATCH 1/1] HAL support is not mandatory for ConsoleKit

2011-08-13 19:01:20

Subject: [refpolicy] [PATCH 1/1] HAL support is not mandatory for ConsoleKit

The current consolekit policy definition has hal_ptrace(consolekit_t) in its
main body. However, HAL support within consolekit is not mandatory. As such,
this call should be within an optional_policy().

Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/services/consolekit.te | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te
index dd71359..46cd222 100644
--- a/policy/modules/services/consolekit.te
+++ b/policy/modules/services/consolekit.te
@@ -72,8 +72,6 @@ miscfiles_read_localization(consolekit_t)
userdom_dontaudit_read_user_home_content_files(consolekit_t)
userdom_read_user_tmp_files(consolekit_t)

-hal_ptrace(consolekit_t)
-
tunable_policy(`use_nfs_home_dirs',`
fs_read_nfs_files(consolekit_t)
')
@@ -99,6 +97,10 @@ optional_policy(`
')

optional_policy(`
+ hal_ptrace(consolekit_t)
+')
+
+optional_policy(`
policykit_dbus_chat(consolekit_t)
policykit_domtrans_auth(consolekit_t)
policykit_read_lib(consolekit_t)
--
1.7.3.4

2011-08-16 19:11:40

by cpebenito

[permalink] [raw]

Subject: [refpolicy] [PATCH 1/1] HAL support is not mandatory for ConsoleKit

On 8/13/2011 3:01 PM, Sven Vermeulen wrote:
> The current consolekit policy definition has hal_ptrace(consolekit_t) in its
> main body. However, HAL support within consolekit is not mandatory. As such,
> this call should be within an optional_policy().

Merged.

> Signed-off-by: Sven Vermeulen<[email protected]>
> ---
> policy/modules/services/consolekit.te | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te
> index dd71359..46cd222 100644
> --- a/policy/modules/services/consolekit.te
> +++ b/policy/modules/services/consolekit.te
> @@ -72,8 +72,6 @@ miscfiles_read_localization(consolekit_t)
> userdom_dontaudit_read_user_home_content_files(consolekit_t)
> userdom_read_user_tmp_files(consolekit_t)
>
> -hal_ptrace(consolekit_t)
> -
> tunable_policy(`use_nfs_home_dirs',`
> fs_read_nfs_files(consolekit_t)
> ')
> @@ -99,6 +97,10 @@ optional_policy(`
> ')
>
> optional_policy(`
> + hal_ptrace(consolekit_t)
> +')
> +
> +optional_policy(`
> policykit_dbus_chat(consolekit_t)
> policykit_domtrans_auth(consolekit_t)
> policykit_read_lib(consolekit_t)

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com