Update the rtkit daemon module so that the daemon can be started.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/rtkit.te | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- refpolicy-git-06082016-orig/policy/modules/contrib/rtkit.te 2016-08-06 21:27:11.420095090 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/rtkit.te 2016-08-10 02:06:22.708084566 +0200
@@ -20,7 +20,7 @@ init_unit_file(rtkit_daemon_unit_t)
# Local policy
#
-allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
+allow rtkit_daemon_t self:capability { dac_read_search setgid setpcap setuid sys_chroot sys_nice sys_ptrace };
allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
kernel_read_system_state(rtkit_daemon_t)
@@ -37,6 +37,13 @@ logging_send_syslog_msg(rtkit_daemon_t)
miscfiles_read_localization(rtkit_daemon_t)
optional_policy(`
+ gen_require(`
+ type user_t;
+ ')
+ rtkit_daemon_dbus_chat(user_t)
+')
+
+optional_policy(`
dbus_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t)
optional_policy(`
Update the rtkit daemon module so that the daemon can be started.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/rtkit.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- refpolicy-git-06082016-orig/policy/modules/contrib/rtkit.te 2016-08-06 21:27:11.420095090 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/rtkit.te 2016-08-13 15:06:37.239716395 +0200
@@ -20,7 +20,7 @@ init_unit_file(rtkit_daemon_unit_t)
# Local policy
#
-allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
+allow rtkit_daemon_t self:capability { dac_read_search setgid setpcap setuid sys_chroot sys_nice sys_ptrace };
allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
kernel_read_system_state(rtkit_daemon_t)
On 08/13/16 09:26, Guido Trentalancia wrote:
> Update the rtkit daemon module so that the daemon can be started.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/rtkit.te | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- refpolicy-git-06082016-orig/policy/modules/contrib/rtkit.te 2016-08-06 21:27:11.420095090 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/rtkit.te 2016-08-13 15:06:37.239716395 +0200
> @@ -20,7 +20,7 @@ init_unit_file(rtkit_daemon_unit_t)
> # Local policy
> #
>
> -allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
> +allow rtkit_daemon_t self:capability { dac_read_search setgid setpcap setuid sys_chroot sys_nice sys_ptrace };
> allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
>
> kernel_read_system_state(rtkit_daemon_t)
Merged.
--
Chris PeBenito