From: dac.override@gmail.com (Dominick Grift) Date: Mon, 13 Apr 2015 21:32:14 +0200 Subject: [refpolicy] [PATCH 1/3] pulseaudio: filetrans for autospawn.lock In-Reply-To: <1428939373-20020-1-git-send-email-jason@perfinion.com> References: <1428939373-20020-1-git-send-email-jason@perfinion.com> Message-ID: <20150413193213.GE32570@x131e> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, Apr 13, 2015 at 07:36:11PM +0400, Jason Zaman wrote: > Pulseaudio tries to acquire /tmp/pulse-*/autospawn.lock, this adds the > filetrans rule. > > $ start-pulseaudio-x11 > W: [autospawn] core-util.c: Failed to create lock file '/tmp/pulse-PKdhtXMmr18n/autospawn.lock': Permission denied > E: [pulseaudio] main.c: Failed to acquire autospawn lock The pulseaudio policy is fragile, granted, but this rule makes sense to me. Merged, thanks > --- > pulseaudio.te | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/pulseaudio.te b/pulseaudio.te > index 4665af2..648de3a 100644 > --- a/pulseaudio.te > +++ b/pulseaudio.te > @@ -56,6 +56,7 @@ manage_dirs_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t) > manage_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t) > manage_sock_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t) > files_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir) > +userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "autospawn.lock") > userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "pid") > userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file, "dbus-socket") > userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file, "native") > -- > 2.0.5 > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 648 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20150413/5c36d04b/attachment.bin