From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 22 Oct 2009 10:30:58 -0400 Subject: [refpolicy] [ screen patch 1/1] Implement screen-locking feature. In-Reply-To: <20091022142341.GA4007@notebook3.grift.internal> References: <20091022142341.GA4007@notebook3.grift.internal> Message-ID: <1256221861.28212.7.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 2009-10-22 at 16:23 +0200, Dominick Grift wrote: > Signed-off-by: Dominick Grift Merged. > --- > :100644 100644 ac70bc0... 9e2f209... M policy/modules/apps/screen.if > policy/modules/apps/screen.if | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if > index ac70bc0..9e2f209 100644 > --- a/policy/modules/apps/screen.if > +++ b/policy/modules/apps/screen.if > @@ -44,6 +44,7 @@ template(`screen_role_template',` > # > > allow $1_screen_t self:capability { setuid setgid fsetid }; > + allow $1_screen_t self:fifo_file rw_fifo_file_perms; > allow $1_screen_t self:process signal_perms; > allow $1_screen_t self:tcp_socket create_stream_socket_perms; > allow $1_screen_t self:udp_socket create_socket_perms; > @@ -117,6 +118,7 @@ template(`screen_role_template',` > fs_search_auto_mountpoints($1_screen_t) > fs_getattr_xattr_fs($1_screen_t) > > + auth_domtrans_chk_passwd($1_screen_t) > auth_use_nsswitch($1_screen_t) > auth_dontaudit_read_shadow($1_screen_t) > auth_dontaudit_exec_utempter($1_screen_t) > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150