From: dominick.grift@gmail.com (Dominick Grift)
Date: Wed, 17 Apr 2013 18:37:36 +0200
Subject: [refpolicy] [PATCH 03/13] ConsoleKit needs to read the dbus
 machine-id
In-Reply-To: <1365669283-22005-4-git-send-email-sven.vermeulen@siphos.be>
References: <1365669283-22005-1-git-send-email-sven.vermeulen@siphos.be>
	<1365669283-22005-4-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1366216656.2803.39.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2013-04-11 at 10:34 +0200, Sven Vermeulen wrote:
> The dbus integration in ConsoleKit reads in the machine-id as provided through
> dbus (/var/lib/dbus/machine-id).
> 
> On Gentoo, this location is a symbolic link to /etc/machine-id however, so we
> update the interface to support reading the symbolic link files too.
> 
> See also ConsoleKit's src/ck-manager.c function generate_session_cookie (calls
> dbus_get_local_machine_id).
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>

Merged, thanks
> ---
>  consolekit.te | 1 +
>  dbus.if       | 1 +
>  2 files changed, 2 insertions(+)
> 
> diff --git a/consolekit.te b/consolekit.te
> index aff2f51..6874d9a 100644
> --- a/consolekit.te
> +++ b/consolekit.te
> @@ -98,6 +98,7 @@ ifdef(`distro_gentoo',`
>  ')
>  
>  optional_policy(`
> +	dbus_read_lib_files(consolekit_t)
>  	dbus_system_domain(consolekit_t, consolekit_exec_t)
>  
>  	optional_policy(`
> diff --git a/dbus.if b/dbus.if
> index afcf3a2..62d22cb 100644
> --- a/dbus.if
> +++ b/dbus.if
> @@ -356,6 +356,7 @@ interface(`dbus_read_lib_files',`
>  
>  	files_search_var_lib($1)
>  	read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
> +	read_lnk_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
>  ')
>  
>  ########################################