From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Thu, 11 Apr 2013 10:34:33 +0200 Subject: [refpolicy] [PATCH 03/13] ConsoleKit needs to read the dbus machine-id In-Reply-To: <1365669283-22005-1-git-send-email-sven.vermeulen@siphos.be> References: <1365669283-22005-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1365669283-22005-4-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The dbus integration in ConsoleKit reads in the machine-id as provided through dbus (/var/lib/dbus/machine-id). On Gentoo, this location is a symbolic link to /etc/machine-id however, so we update the interface to support reading the symbolic link files too. See also ConsoleKit's src/ck-manager.c function generate_session_cookie (calls dbus_get_local_machine_id). Signed-off-by: Sven Vermeulen --- consolekit.te | 1 + dbus.if | 1 + 2 files changed, 2 insertions(+) diff --git a/consolekit.te b/consolekit.te index aff2f51..6874d9a 100644 --- a/consolekit.te +++ b/consolekit.te @@ -98,6 +98,7 @@ ifdef(`distro_gentoo',` ') optional_policy(` + dbus_read_lib_files(consolekit_t) dbus_system_domain(consolekit_t, consolekit_exec_t) optional_policy(` diff --git a/dbus.if b/dbus.if index afcf3a2..62d22cb 100644 --- a/dbus.if +++ b/dbus.if @@ -356,6 +356,7 @@ interface(`dbus_read_lib_files',` files_search_var_lib($1) read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t) + read_lnk_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t) ') ######################################## -- 1.8.1.5