From: martin@martinorr.name (Martin Orr)
Date: Tue, 16 Dec 2008 17:38:09 +0000
Subject: [refpolicy] dbus rules
Message-ID: <4947E781.4090905@martinorr.name>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Let dbus list inotify and run consolekit.
Label helper program in /usr/lib/dbus-1.0

Best wishes,
Martin

Index: policy/modules/services/dbus.te
===================================================================
--- policy/modules/services/dbus.te.orig
+++ policy/modules/services/dbus.te
@@ -74,6 +74,7 @@
 dev_read_sysfs(system_dbusd_t)
 
 fs_getattr_all_fs(system_dbusd_t)
+fs_list_inotifyfs(system_dbusd_t)
 fs_search_auto_mountpoints(system_dbusd_t)
 
 selinux_get_fs_mount(system_dbusd_t)
@@ -128,6 +129,10 @@
 ')
 
 optional_policy(`
+	consolekit_domtrans(system_dbusd_t)
+')
+
+optional_policy(`
 	sysnet_domtrans_dhcpc(system_dbusd_t)
 ')
 
Index: policy/modules/kernel/corecommands.fc
===================================================================
--- policy/modules/kernel/corecommands.fc.orig
+++ policy/modules/kernel/corecommands.fc
@@ -154,6 +154,7 @@
 /usr/lib(64)?/cups(/.*)? 		gen_context(system_u:object_r:bin_t,s0)
 
 /usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/dbus-1\.0/.*	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/emacsen-common/.*		gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/ipsec/.*		--	gen_context(system_u:object_r:bin_t,s0)

-- 
Martin Orr