From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 14 May 2009 11:14:41 -0400
Subject: [refpolicy] services_consolekit.patch
In-Reply-To: <49C8E0BA.4090900@redhat.com>
References: <49C8E0BA.4090900@redhat.com>
Message-ID: <1242314081.26262.397.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2009-03-24 at 09:31 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_consolekit.patch
> 
> New file context for consolekit.
> 
> Add interface to allow confined apps to read consolekit logs
> 
> userdomain and xserver do this.
> 
> consolkit execs shell
> 
> Dontaudit ptrace all domains
> 
> Reads usr_t files
> 
> Communicates with lots of domains via dbus
> 
> Uses polkit
> 
> Needs to read files in nfs and cifs homedirs.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150