From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 25 Jun 2014 10:33:40 -0400
Subject: [refpolicy] [PATCH] File Context for tumbler
In-Reply-To: <1403549214-26532-2-git-send-email-jason@perfinion.com>
References: <1403549214-26532-1-git-send-email-jason@perfinion.com>
	<1403549214-26532-2-git-send-email-jason@perfinion.com>
Message-ID: <53AADDC4.6010703@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 6/23/2014 2:46 PM, Jason Zaman wrote:
> Tumbler is a D-Bus service for applications to request thumbnails

Perhaps I'm misunderstanding, but if this is a service, why aren't you
creating a domain for this?  Running a service in dbus's domain
typically isn't the best choice.


> Signed-off-by: Jason Zaman <jason@perfinion.com>
> ---
>  policy/modules/kernel/corecommands.fc | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
> index 5961142..6a86cda 100644
> --- a/policy/modules/kernel/corecommands.fc
> +++ b/policy/modules/kernel/corecommands.fc
> @@ -244,6 +244,7 @@ ifdef(`distro_gentoo',`
>  /usr/lib/xfce4/session/xfsm-shutdown-helper -- gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib/xfce4/xfconf/xfconfd	--	gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib/xfce4/xfwm4/helper-dialog --	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib/tumbler-1/tumblerd	--	gen_context(system_u:object_r:bin_t,s0)
>  
>  /usr/lib/couchdb/erlang/lib/couch-[0-9.]+/priv/couchspawnkillable -- gen_context(system_u:object_r:bin_t,s0)
>  
> 

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com