From: dominick.grift@gmail.com (grift) Date: Thu, 06 Dec 2012 16:40:36 +0100 Subject: [refpolicy] [PATCH 3/9] Run packagekit under apt_t context on Debian distribution In-Reply-To: <1354745012-24557-3-git-send-email-bigon@debian.org> References: <1354745012-24557-1-git-send-email-bigon@debian.org> <1354745012-24557-3-git-send-email-bigon@debian.org> Message-ID: <1354808436.25618.76.camel@localhost> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 2012-12-05 at 23:03 +0100, Laurent Bigonville wrote: > From: Laurent Bigonville > > Properly label the daemon and the needed files and directories > > Also allow the daemon to transition to its own context when started by > the system dbus This was merged, thanks > --- > apt.fc | 3 +++ > apt.te | 4 ++++ > rpm.fc | 4 ++-- > 3 files changed, 9 insertions(+), 2 deletions(-) > > diff --git a/apt.fc b/apt.fc > index 93d315c..1fd6888 100644 > --- a/apt.fc > +++ b/apt.fc > @@ -2,7 +2,10 @@ ifndef(`distro_redhat',` > /usr/bin/apt-get -- gen_context(system_u:object_r:apt_exec_t,s0) > /usr/bin/apt-shell -- gen_context(system_u:object_r:apt_exec_t,s0) > /usr/bin/aptitude -- gen_context(system_u:object_r:apt_exec_t,s0) > +/usr/lib/packagekit/packagekitd -- gen_context(system_u:object_r:apt_exec_t,s0) > /usr/sbin/synaptic -- gen_context(system_u:object_r:apt_exec_t,s0) > +/var/cache/PackageKit(/.*)? gen_context(system_u:object_r:apt_var_cache_t,s0) > +/var/lib/PackageKit(/.*)? gen_context(system_u:object_r:apt_var_lib_t,s0) > ') > > /var/cache/apt(/.*)? gen_context(system_u:object_r:apt_var_cache_t,s0) > diff --git a/apt.te b/apt.te > index 5ffc8b8..aaa43cc 100644 > --- a/apt.te > +++ b/apt.te > @@ -125,6 +125,10 @@ optional_policy(` > ') > > optional_policy(` > + dbus_system_domain(apt_t, apt_exec_t) > +') > + > +optional_policy(` > dpkg_read_db(apt_t) > dpkg_domtrans(apt_t) > dpkg_lock_db(apt_t) > diff --git a/rpm.fc b/rpm.fc > index e37a2d5..ebe91fc 100644 > --- a/rpm.fc > +++ b/rpm.fc 
> @@ -31,17 +31,17 @@ ifdef(`distro_redhat',` > /usr/bin/apt-shell -- gen_context(system_u:object_r:rpm_exec_t,s0) > /usr/bin/aptitude -- gen_context(system_u:object_r:rpm_exec_t,s0) > /usr/sbin/synaptic -- gen_context(system_u:object_r:rpm_exec_t,s0) > +/var/cache/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_cache_t,s0) > +/var/lib/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) > ') > > /usr/share/yumex/yumex-yum-backend -- gen_context(system_u:object_r:rpm_exec_t,s0) > /usr/share/yumex/yum_childtask\.py -- gen_context(system_u:object_r:rpm_exec_t,s0) > > /var/cache/bcfg2(/.*)? gen_context(system_u:object_r:rpm_var_cache_t,s0) > -/var/cache/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_cache_t,s0) > /var/cache/yum(/.*)? gen_context(system_u:object_r:rpm_var_cache_t,s0) > > /var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) > -/var/lib/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) > /var/lib/rpm(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) > /var/lib/YaST2(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) > /var/lib/yum(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
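Review bot: in the apt.fc hunk the three added entries sit inside the existing ifndef(`distro_redhat',` block, so they apply to every build where distro_redhat is not defined, not only to Debian as the subject line says. If Debian-only is the intent, put the packagekitd, /var/cache/PackageKit and /var/lib/PackageKit lines under ifdef(`distro_debian',` instead; if the wider scope is intended, the commit message should say so.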
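Review bot: the new optional_policy block in the apt.te hunk carries no comment saying that dbus_system_domain(apt_t, apt_exec_t) is there for packagekitd, and apt_exec_t is also the label on apt-get, apt-shell, aptitude and synaptic in apt.fc, so the system bus entry point is not limited to the daemon. Add a one-line comment above the call naming packagekitd as the reason, and consider whether a separate entry point type for the daemon would keep the transition narrower.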
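Review bot: in the rpm.fc hunk, moving the /var/cache/PackageKit and /var/lib/PackageKit entries inside ifdef(`distro_redhat',` drops the rpm_var_cache_t and rpm_var_lib_t labels for any build that uses this module without distro_redhat, and the unchanged /var/lib/YaST2 line in the same file suggests such builds exist. With the apt.fc change those directories would get apt_var_cache_t and apt_var_lib_t there, or match neither file if the apt module is not built. Please confirm that is intended, or key the split on the Debian case so other rpm-based builds keep the previous labels.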