From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 07 Mar 2011 08:56:24 -0500 Subject: [refpolicy] [PATCH 13/34]: patch to allow networkmanager dbus chat In-Reply-To: <1298487030.29671.20.camel@tesla.lan> References: <1297836836.3205.56.camel@tesla.lan> <4D651B7A.4010100@tresys.com> <1298487030.29671.20.camel@tesla.lan> Message-ID: <4D74E408.2050501@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/23/11 13:50, Guido Trentalancia wrote: > Hello Christopher ! > > On Wed, 23/02/2011 at 09.36 -0500, Christopher J. PeBenito wrote: >> On 02/16/11 01:13, Guido Trentalancia wrote: >>> This patch allows dbus chat between networkmanager and dbus and >>> between networkmanager and xdm. It also adds a missing permission >>> (sysnet_read_dhcpc_state) to the networkmanager module. >>> >>> diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/services/dbus.te refpolicy-git-15022011-new-modified/policy/modules/services/dbus.te >>> --- refpolicy-git-15022011-new-before-modification/policy/modules/services/dbus.te 2011-02-15 23:15:42.079074132 +0100 >>> +++ refpolicy-git-15022011-new-modified/policy/modules/services/dbus.te 2011-02-15 23:17:05.366699083 +0100 >>> @@ -156,6 +156,10 @@ optional_policy(` >>> ') >>> >>> optional_policy(` >>> + networkmanager_dbus_chat(system_dbusd_t) >>> +') >>> + >>> +optional_policy(` >>> policykit_dbus_chat(system_dbusd_t) >>> policykit_domtrans_auth(system_dbusd_t) >>> policykit_search_lib(system_dbusd_t) >>> diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/services/networkmanager.te refpolicy-git-15022011-new-modified/policy/modules/services/networkmanager.te >>> --- refpolicy-git-15022011-new-before-modification/policy/modules/services/networkmanager.te 2011-01-08 19:07:21.269745618 +0100 >>> +++ refpolicy-git-15022011-new-modified/policy/modules/services/networkmanager.te 2011-02-15 23:17:58.800809233 +0100 
>>> @@ -141,6 +141,7 @@ sysnet_domtrans_ifconfig(NetworkManager_ >>> sysnet_domtrans_dhcpc(NetworkManager_t) >>> sysnet_signal_dhcpc(NetworkManager_t) >>> sysnet_read_dhcpc_pid(NetworkManager_t) >>> +sysnet_read_dhcpc_state(NetworkManager_t) >>> sysnet_delete_dhcpc_pid(NetworkManager_t) >>> sysnet_search_dhcp_state(NetworkManager_t) >>> # in /etc created by NetworkManager will be labelled net_conf_t. >>> diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/services/xserver.te refpolicy-git-15022011-new-modified/policy/modules/services/xserver.te >>> --- refpolicy-git-15022011-new-before-modification/policy/modules/services/xserver.te 2011-02-15 23:07:24.845137330 +0100 >>> +++ refpolicy-git-15022011-new-modified/policy/modules/services/xserver.te 2011-02-15 23:17:05.369699539 +0100 >>> @@ -548,6 +548,10 @@ optional_policy(` >>> ') >>> >>> optional_policy(` >>> + networkmanager_dbus_chat(xdm_t) >>> +') >> >> Is there something new with xdm? I'm concerned that more dbus >> communications are added (this patch and others) with seemingly >> unrelated services. > > What you mean exactly for "something new with xdm" ? Do you mean new > features ? Yes. > And what do you mean for unrelated services exactly ? NetworkManager not > being very much related to xdm ? Yes. > Yes, it's not entirely clear to me > either. But could be that due to the applet ? I assume you mean the one that runs in the gnome panel. If so, I wouldn't think so, since that would be running in the user's domain. > More or less I have reported back what was being requested (in the form > of a patch). It makes me wonder if everything is running in the right domain. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
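Review bot: in the dbus.te hunk, `networkmanager_dbus_chat(system_dbusd_t)` is granted to the bus daemon's own domain, and the patch description does not say which denial or message flow requires it. Please quote the AVC denial, with its source and target contexts, in the commit message so a reader can confirm the rule belongs on system_dbusd_t.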
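Review bot: the networkmanager.te hunk adds `sysnet_read_dhcpc_state(NetworkManager_t)`, which is unrelated to the D-Bus chat change named in the subject and is justified only as "a missing permission". Suggest moving it to its own patch and stating what NetworkManager cannot read without it, given that the surrounding context lines already grant sysnet_read_dhcpc_pid and sysnet_search_dhcp_state.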
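Review bot: in the xserver.te hunk, `networkmanager_dbus_chat(xdm_t)` comes with no stated reason for xdm_t to exchange D-Bus messages with NetworkManager. Before granting it, identify from the denial which process is actually running as xdm_t; if that process belongs in a user domain, the fix is a transition or labeling change and not a new chat rule on xdm_t.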