From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 07 Dec 2012 00:48:59 -0500
Subject: [refpolicy] [PATCH 2/7] Allow udev_t domain to read files
 labeled as consolekit_var_run_t
In-Reply-To: <1354739968-4547-2-git-send-email-bigon@debian.org>
References: <1354739968-4547-1-git-send-email-bigon@debian.org>
	<1354739968-4547-2-git-send-email-bigon@debian.org>
Message-ID: <50C1834B.2060008@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/5/2012 3:39 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
>
> When the active session is changed, the udev-acl executable is called
> by ConsoleKit. It will then read the ConsoleKit database to figure out
> which is the active one.
> ---
>   policy/modules/system/udev.te |    4 ++++
>   1 file changed, 4 insertions(+)
>
> diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
> index a2a4167..630d3e9 100644
> --- a/policy/modules/system/udev.te
> +++ b/policy/modules/system/udev.te
> @@ -221,6 +221,10 @@ optional_policy(`
>   ')
>
>   optional_policy(`
> +	consolekit_read_pid_files(udev_t)
> +')
> +
> +optional_policy(`
>   	cups_domtrans_config(udev_t)
>   ')

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com