From: domg472@gmail.com (Dominick Grift) Date: Thu, 22 Oct 2009 11:14:29 +0200 Subject: [refpolicy] [ screen patch 1/1] Add screen-locking functionality. Signed-off-by: Dominick Grift Message-ID: <20091022091425.GA2632@notebook3.grift.internal> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com --- :100644 100644 ac70bc0... 7d2f797... M policy/modules/apps/screen.if policy/modules/apps/screen.if | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if index ac70bc0..7d2f797 100644 --- a/policy/modules/apps/screen.if +++ b/policy/modules/apps/screen.if @@ -45,6 +45,7 @@ template(`screen_role_template',` allow $1_screen_t self:capability { setuid setgid fsetid }; allow $1_screen_t self:process signal_perms; + allow $1_screen_t self:fifo_file rw_fifo_file_perms; allow $1_screen_t self:tcp_socket create_stream_socket_perms; allow $1_screen_t self:udp_socket create_socket_perms; # Internal screen networking @@ -117,6 +118,7 @@ template(`screen_role_template',` fs_search_auto_mountpoints($1_screen_t) fs_getattr_xattr_fs($1_screen_t) + auth_domtrans_chk_passwd($1_screen_t) auth_use_nsswitch($1_screen_t) auth_dontaudit_read_shadow($1_screen_t) auth_dontaudit_exec_utempter($1_screen_t) @@ -146,4 +148,8 @@ template(`screen_role_template',` fs_list_nfs($1_screen_t) fs_read_nfs_symlinks($1_screen_t) ') + + optional_policy(` + dbus_system_bus_client($1_screen_t) + ') ') -- 1.6.5.rc2 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20091022/b77a5084/attachment.bin