From: domg472@gmail.com (Dominick Grift)
Date: Thu, 3 Sep 2009 22:36:17 +0200
Subject: [refpolicy] Basic policy for KDE and Konqueror
In-Reply-To: <200909032215.24050.Nicky726@gmail.com>
References: <200908121440.21006.Nicky726@gmail.com>
	<1250103483.19221.31.camel@notebook2.grift.internal>
	<200909032215.24050.Nicky726@gmail.com>
Message-ID: <20090903203617.GA2709@notebook3.grift.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, Sep 03, 2009 at 10:15:23PM +0200, Nicky726 wrote:
> Hello,
> 
> I've been reviewing and testing my policy for Konqueror according to Dominick 
> Grift's comments. Now I've got confused with the dbus affair:
> 
> Dne St 12. srpna 2009 20:58:03 Dominick Grift napsal(a): 
> > use proper dbus interfaces (not dbus unconfined)
> 
> The thing is that Konqueror starts only with dbus_unconfined(). If I use 
> dbus_system_bus_client() I got message, that Konqueror can't be registered 
> with dbus, as there is already another one registered. If I use 
> dbus_session_bus_client() I got absolutely no output. In both cases Konqueror 
> won't start and no AVC denials are displayed.
> 
> As I looked into Evolution and Mozilla policies sources, there are only this 
> two interfaces used. Are there some other steps needed for it to work? Or is 
> there some better suited interfaces? Do you have other suggestions?
dbus policy is a bit "underdeveloped". are you looking in the right places for avc denials?

ausearch -m user_avc -ts today
grep -i dbus /var/log/messages

dbus throws its denials all around the place. some stuff goes to audit.log other stuff goes to messages.

can you show us your dbus related avc denials?
> 
> Thanks for your time,
> Ondrej Vadinsky
> 
> -- 
> Don`t it always seem to go
> That you don`t know what you`ve got
> Till it`s gone.
> 
> 		(Joni Mitchell)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090903/1ebc3803/attachment.bin