From: domg472@gmail.com (Dominick Grift) Date: Thu, 3 Sep 2009 22:36:17 +0200 Subject: [refpolicy] Basic policy for KDE and Konqueror In-Reply-To: <200909032215.24050.Nicky726@gmail.com> References: <200908121440.21006.Nicky726@gmail.com> <1250103483.19221.31.camel@notebook2.grift.internal> <200909032215.24050.Nicky726@gmail.com> Message-ID: <20090903203617.GA2709@notebook3.grift.internal> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, Sep 03, 2009 at 10:15:23PM +0200, Nicky726 wrote: > Hello, > > I've been reviewing and testing my policy for Konqueror according to Dominick > Grift's comments. Now I've got confused with the dbus affair: > > Dne St 12. srpna 2009 20:58:03 Dominick Grift napsal(a): > > use proper dbus interfaces (not dbus unconfined) > > The thing is that Konqueror starts only with dbus_unconfined(). If I use > dbus_system_bus_client() I got message, that Konqueror can't be registered > with dbus, as there is already another one registered. If I use > dbus_session_bus_client() I got absolutely no output. In both cases Konqueror > won't start and no AVC denials are displayed. > > As I looked into Evolution and Mozilla policies sources, there are only this > two interfaces used. Are there some other steps needed for it to work? Or is > there some better suited interfaces? Do you have other suggestions? dbus policy is a bit "underdeveloped". are you looking in the right places for avc denials? ausearch -m user_avc -ts today grep -i dbus /var/log/messages dbus throws its denials all around the place. some stuff goes to audit.log other stuff goes to messages. can you show us your dbus related avc denials? > > Thanks for your time, > Ondrej Vadinsky > > -- > Don`t it always seem to go > That you don`t know what you`ve got > Till it`s gone. > > (Joni Mitchell) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090903/1ebc3803/attachment.bin