diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/services/consolekit.if refpolicy-git-18012011-new/policy/modules/services/consolekit.if
--- refpolicy-git-18012011/policy/modules/services/consolekit.if 2011-01-08 19:07:21.232739776 +0100
+++ refpolicy-git-18012011-new/policy/modules/services/consolekit.if 2011-01-18 23:13:49.767848514 +0100
@@ -93,5 +113,6 @@ interface(`consolekit_read_pid_files',`
')
files_search_pids($1)
+ allow $1 consolekit_var_run_t:dir list_dir_perms;
read_files_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
')
diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/services/consolekit.te refpolicy-git-18012011-new/policy/modules/services/consolekit.te
--- refpolicy-git-18012011/policy/modules/services/consolekit.te 2011-01-08 19:07:21.232739776 +0100
+++ refpolicy-git-18012011-new/policy/modules/services/consolekit.te 2011-01-23 04:27:33.161902362 +0100
@@ -118,6 +118,10 @@ optional_policy(`
')
optional_policy(`
+ shutdown_getattr_exec_files(consolekit_t)
+')
+
+optional_policy(`
udev_domtrans(consolekit_t)
udev_read_db(consolekit_t)
udev_signal(consolekit_t)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/services/consolekit.if refpolicy-git-18012011-new/policy/modules/services/consolekit.if
> --- refpolicy-git-18012011/policy/modules/services/consolekit.if 2011-01-08 19:07:21.232739776 +0100
> +++ refpolicy-git-18012011-new/policy/modules/services/consolekit.if 2011-01-18 23:13:49.767848514 +0100
> @@ -93,5 +113,6 @@ interface(`consolekit_read_pid_files',`
> ')
>
> files_search_pids($1)
> + allow $1 consolekit_var_run_t:dir list_dir_perms;
listing consolekit_var_run_t directories is not strictly required to
"consolekit_read_pid_files", i would create a new interface:
consolekit_list_pids() instead.
> read_files_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
> ')
> diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/services/consolekit.te refpolicy-git-18012011-new/policy/modules/services/consolekit.te
> --- refpolicy-git-18012011/policy/modules/services/consolekit.te 2011-01-08 19:07:21.232739776 +0100
> +++ refpolicy-git-18012011-new/policy/modules/services/consolekit.te 2011-01-23 04:27:33.161902362 +0100
> @@ -118,6 +118,10 @@ optional_policy(`
> ')
>
> optional_policy(`
> + shutdown_getattr_exec_files(consolekit_t)
> +')
> +
> +optional_policy(`
> udev_domtrans(consolekit_t)
> udev_read_db(consolekit_t)
> udev_signal(consolekit_t)
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk09hKwACgkQMlxVo39jgT9HHACeJgMEO6Y7A3hWgZKiuLRsbFOR
W6gAnjLDosNZFwgz+ULFHoY9PI7YSgza
=SZt+
-----END PGP SIGNATURE-----
On Mon, 24/01/2011 at 14.54 +0100, Dominick Grift wrote:
> On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/services/consolekit.if refpolicy-git-18012011-new/policy/modules/services/consolekit.if
> > --- refpolicy-git-18012011/policy/modules/services/consolekit.if 2011-01-08 19:07:21.232739776 +0100
> > +++ refpolicy-git-18012011-new/policy/modules/services/consolekit.if 2011-01-18 23:13:49.767848514 +0100
> > @@ -93,5 +113,6 @@ interface(`consolekit_read_pid_files',`
> > ')
> >
> > files_search_pids($1)
> > + allow $1 consolekit_var_run_t:dir list_dir_perms;
>
> listing consolekit_var_run_t directories is not strictly required to
> "consolekit_read_pid_files", i would create a new interface:
> consolekit_list_pids() instead.
Ok, it will be changed accordingly.
Regards,
Guido