From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 11 Apr 2013 10:34:32 +0200
Subject: [refpolicy] [PATCH 02/13] Support tagfiles for consolekit
In-Reply-To: <1365669283-22005-1-git-send-email-sven.vermeulen@siphos.be>
References: <1365669283-22005-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1365669283-22005-3-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Gentoo currently still uses the pam-foreground compatibility, which causes
ConsoleKit to set tagfiles in the pam_console tag directory (/var/run/console).
As /var/run is dynamic nowadays, ConsoleKit also creates the directory.

Allow ConsoleKit to create such directory with the right file transition in
place.

Debian also has this (already in policy) so duplicate settings for Gentoo. As
the policy includes a transition, I'm less inclined to make this a global policy
change as I have no idea what the impact would be on other distributions such as
Fedora/RedHat.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 consolekit.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/consolekit.te b/consolekit.te
index 5f0c793..aff2f51 100644
--- a/consolekit.te
+++ b/consolekit.te
@@ -92,6 +92,11 @@ ifdef(`distro_debian',`
 	auth_pid_filetrans_pam_var_console(consolekit_t, dir, "console")
 ')
 
+ifdef(`distro_gentoo',`
+	auth_create_pam_console_data_dirs(consolekit_t)
+	auth_pid_filetrans_pam_var_console(consolekit_t, dir, "console")
+')
+
 optional_policy(`
 	dbus_system_domain(consolekit_t, consolekit_exec_t)
 
-- 
1.8.1.5