From: martin@martinorr.name (Martin Orr)
Date: Thu, 25 Sep 2008 13:45:01 +0100
Subject: [refpolicy]  dbus, inotify
Message-ID: <48DB87CD.1090406@martinorr.name>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Let *_dbusd_t list inotifyfs.

Aug 20 12:23:52 caligula kernel: type=1400 audit(1219231432.671:4): avc:
denied  { read } for  pid=2646 comm="dbus-daemon" path="inotify"
dev=inotifyfs ino=1 scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

Index: policy/modules/services/dbus.if
===================================================================
--- policy/modules/services/dbus.if.orig
+++ policy/modules/services/dbus.if
@@ -139,6 +139,7 @@

 	fs_getattr_romfs($1_dbusd_t)
 	fs_getattr_xattr_fs($1_dbusd_t)
+	fs_list_inotifyfs($1_dbusd_t)

 	selinux_get_fs_mount($1_dbusd_t)
 	selinux_validate_context($1_dbusd_t)

-- 
Martin Orr