From: bigon@debian.org (Laurent Bigonville)
Date: Wed,  5 Dec 2012 21:39:23 +0100
Subject: [refpolicy] [PATCH 2/7] Allow udev_t domain to read files labeled
	as consolekit_var_run_t
In-Reply-To: <1354739968-4547-1-git-send-email-bigon@debian.org>
References: <1354739968-4547-1-git-send-email-bigon@debian.org>
Message-ID: <1354739968-4547-2-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

When the active session is changed, the udev-acl executable is called
by ConsoleKit. It will then read the ConsoleKit database to figure out
which is the active one.
---
 policy/modules/system/udev.te |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index a2a4167..630d3e9 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -221,6 +221,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	consolekit_read_pid_files(udev_t)
+')
+
+optional_policy(`
 	cups_domtrans_config(udev_t)
 ')
 
-- 
1.7.10.4