2017-12-11 10:23:44

by Laurent Bigonville

Subject: [refpolicy] [PATCH] Call systemd_write_inherited_logind_inhibit_pipes() where needed

From: Laurent Bigonville <[email protected]>

Multiple domains need to talk to logind to set inhibits
---
dbus.te | 2 +-
devicekit.te | 4 ++++
modemmanager.te | 4 ++++
networkmanager.te | 1 +
virt.te | 4 ++++
5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/dbus.te b/dbus.te
index 5f2199c..282eba4 100644
--- a/dbus.te
+++ b/dbus.te
@@ -158,8 +158,8 @@ ifdef(`init_systemd', `
optional_policy(`
# for /run/systemd/users/*
systemd_read_logind_pids(system_dbusd_t)
+ systemd_write_inherited_logind_inhibit_pipes(system_dbusd_t)
systemd_write_inherited_logind_sessions_pipes(system_dbusd_t)
- systemd_write_logind_pid_pipes(system_dbusd_t)
')

optional_policy(`
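Review bot: The removal of systemd_write_logind_pid_pipes(system_dbusd_t) at the end of this optional_policy block is not explained by the commit message, which only says that domains need to talk to logind to set inhibits. This is the one deletion in the patch, so please state in the message whether that interface is superseded by systemd_write_inherited_logind_inhibit_pipes() or whether system_dbusd_t no longer needs that access.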
diff --git a/devicekit.te b/devicekit.te
index 1730193..53dff76 100644
--- a/devicekit.te
+++ b/devicekit.te
@@ -344,6 +344,10 @@ optional_policy(`
readahead_domtrans(devicekit_power_t)
')

+optional_policy(`
+ systemd_write_inherited_logind_inhibit_pipes(devicekit_power_t)
+')
+
optional_policy(`
udev_read_db(devicekit_power_t)
udev_manage_pid_files(devicekit_power_t)
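Review bot: The new optional_policy block for devicekit_power_t has no comment saying why the domain needs write access to logind's inhibit pipes, whereas the dbus.te block documents its access with "# for /run/systemd/users/*". A one-line comment above the systemd_write_inherited_logind_inhibit_pipes() call naming the reason would make the grant easier to audit later; the same applies to the new blocks in modemmanager.te and virt.te.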
diff --git a/modemmanager.te b/modemmanager.te
index 8dcbeea..9e064a4 100644
--- a/modemmanager.te
+++ b/modemmanager.te
@@ -56,3 +56,7 @@ optional_policy(`
udev_read_db(modemmanager_t)
udev_manage_pid_files(modemmanager_t)
')
+
+optional_policy(`
+ systemd_write_inherited_logind_inhibit_pipes(modemmanager_t)
+')
diff --git a/networkmanager.te b/networkmanager.te
index 985f734..eb437e8 100644
--- a/networkmanager.te
+++ b/networkmanager.te
@@ -345,6 +345,7 @@ optional_policy(`

optional_policy(`
systemd_read_logind_sessions_files(NetworkManager_t)
+ systemd_write_inherited_logind_inhibit_pipes(NetworkManager_t)
')

optional_policy(`
diff --git a/virt.te b/virt.te
index 8528761..3bb9b25 100644
--- a/virt.te
+++ b/virt.te
@@ -813,6 +813,10 @@ optional_policy(`
sasl_connect(virtd_t)
')

+optional_policy(`
+ systemd_write_inherited_logind_inhibit_pipes(virtd_t)
+')
+
optional_policy(`
kernel_read_xen_state(virtd_t)
kernel_write_xen_state(virtd_t)
--
2.15.1


2017-12-12 00:16:41

by Chris PeBenito

Subject: [refpolicy] [PATCH] Call systemd_write_inherited_logind_inhibit_pipes() where needed

On 12/11/2017 05:23 AM, Laurent Bigonville via refpolicy wrote:
> From: Laurent Bigonville <[email protected]>
>
> Multiple domains need to talk to logind to set inhibits
> ---
> dbus.te | 2 +-
> devicekit.te | 4 ++++
> modemmanager.te | 4 ++++
> networkmanager.te | 1 +
> virt.te | 4 ++++
> 5 files changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/dbus.te b/dbus.te
> index 5f2199c..282eba4 100644
> --- a/dbus.te
> +++ b/dbus.te
> @@ -158,8 +158,8 @@ ifdef(`init_systemd', `
> optional_policy(`
> # for /run/systemd/users/*
> systemd_read_logind_pids(system_dbusd_t)
> + systemd_write_inherited_logind_inhibit_pipes(system_dbusd_t)
> systemd_write_inherited_logind_sessions_pipes(system_dbusd_t)
> - systemd_write_logind_pid_pipes(system_dbusd_t)
> ')
>
> optional_policy(`
> diff --git a/devicekit.te b/devicekit.te
> index 1730193..53dff76 100644
> --- a/devicekit.te
> +++ b/devicekit.te
> @@ -344,6 +344,10 @@ optional_policy(`
> readahead_domtrans(devicekit_power_t)
> ')
>
> +optional_policy(`
> + systemd_write_inherited_logind_inhibit_pipes(devicekit_power_t)
> +')
> +
> optional_policy(`
> udev_read_db(devicekit_power_t)
> udev_manage_pid_files(devicekit_power_t)
> diff --git a/modemmanager.te b/modemmanager.te
> index 8dcbeea..9e064a4 100644
> --- a/modemmanager.te
> +++ b/modemmanager.te
> @@ -56,3 +56,7 @@ optional_policy(`
> udev_read_db(modemmanager_t)
> udev_manage_pid_files(modemmanager_t)
> ')
> +
> +optional_policy(`
> + systemd_write_inherited_logind_inhibit_pipes(modemmanager_t)
> +')
> diff --git a/networkmanager.te b/networkmanager.te
> index 985f734..eb437e8 100644
> --- a/networkmanager.te
> +++ b/networkmanager.te
> @@ -345,6 +345,7 @@ optional_policy(`
>
> optional_policy(`
> systemd_read_logind_sessions_files(NetworkManager_t)
> + systemd_write_inherited_logind_inhibit_pipes(NetworkManager_t)
> ')
>
> optional_policy(`
> diff --git a/virt.te b/virt.te
> index 8528761..3bb9b25 100644
> --- a/virt.te
> +++ b/virt.te
> @@ -813,6 +813,10 @@ optional_policy(`
> sasl_connect(virtd_t)
> ')
>
> +optional_policy(`
> + systemd_write_inherited_logind_inhibit_pipes(virtd_t)
> +')
> +
> optional_policy(`
> kernel_read_xen_state(virtd_t)
> kernel_write_xen_state(virtd_t)

Merged.

--
Chris PeBenito