From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 24 Mar 2009 09:31:38 -0400
Subject: [refpolicy] services_consolekit.patch
Message-ID: <49C8E0BA.4090900@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_consolekit.patch

New file context for consolekit.

Add interface to allow confined apps to read consolekit logs

userdomain and xserver do this.

consolkit execs shell

Dontaudit ptrace all domains

Reads usr_t files

Communicates with lots of domains via dbus

Uses polkit

Needs to read files in nfs and cifs homedirs.