From: dominick.grift@gmail.com (Dominick Grift) Date: Wed, 17 Apr 2013 18:37:06 +0200 Subject: [refpolicy] [PATCH 02/13] Support tagfiles for consolekit In-Reply-To: <1365669283-22005-3-git-send-email-sven.vermeulen@siphos.be> References: <1365669283-22005-1-git-send-email-sven.vermeulen@siphos.be> <1365669283-22005-3-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1366216626.2803.38.camel@x220.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 2013-04-11 at 10:34 +0200, Sven Vermeulen wrote: > Gentoo currently still uses the pam-foreground compatibility, which causes > ConsoleKit to set tagfiles in the pam_console tag directory (/var/run/console). > As /var/run is dynamic nowadays, ConsoleKit also creates the directory. > > Allow ConsoleKit to create such directory with the right file transition in > place. > > Debian also has this (already in policy) so duplicate settings for Gentoo. As > the policy includes a transition, I'm less inclined to make this a global policy > change as I have no idea what the impact would be on other distributions such as > Fedora/RedHat. > > Signed-off-by: Sven Vermeulen Merged with changes, thanks Made this unconditional as this does not seem to conflict with fedora > --- > consolekit.te | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/consolekit.te b/consolekit.te > index 5f0c793..aff2f51 100644 > --- a/consolekit.te > +++ b/consolekit.te > @@ -92,6 +92,11 @@ ifdef(`distro_debian',` > auth_pid_filetrans_pam_var_console(consolekit_t, dir, "console") > ') > > +ifdef(`distro_gentoo',` > + auth_create_pam_console_data_dirs(consolekit_t) > + auth_pid_filetrans_pam_var_console(consolekit_t, dir, "console") > +') > + > optional_policy(` > dbus_system_domain(consolekit_t, consolekit_exec_t) >