From: jason@perfinion.com (Jason Zaman) Date: Sun, 14 Aug 2016 01:59:16 +0800 Subject: [refpolicy] [PATCH] Allow some dbus chat permissions for the unprivileged user role In-Reply-To: <993078225.954011.1471108361800.JavaMail.open-xchange@popper08.register.it> References: <993078225.954011.1471108361800.JavaMail.open-xchange@popper08.register.it> Message-ID: <20160813175916.GA9700@meriadoc.perfinion.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sat, Aug 13, 2016 at 07:12:41PM +0200, guido guido wrote: > Allow the unprivileged user to chat over dbus with a few > other domains (e.g. in a gnome session). > > Signed-off-by: Guido Trentalancia > --- > policy/modules/roles/unprivuser.te | 14 ++++++++++++++ These should probably be added to template(`userdom_common_user_template',` in system/userdomain.if so that all roles get it. otherwise staff_t wont have them -- Jason > 1 file changed, 14 insertions(+) > > --- refpolicy-git-06082016-orig/policy/modules/roles/unprivuser.te 2016-08-06 > 21:26:43.293774259 +0200 > +++ refpolicy-git-06082016/policy/modules/roles/unprivuser.te 2016-08-13 > 15:05:58.696124415 +0200 > @@ -13,14 +13,27 @@ policy_module(unprivuser, 2.6.0) > userdom_unpriv_user_template(user) > > optional_policy(` > + accountsd_dbus_chat(user_t) > +') > + > +optional_policy(` > apache_role(user_r, user_t) > ') > > optional_policy(` > + devicekit_dbus_chat_disk(user_t) > + devicekit_dbus_chat_power(user_t) > +') > + > +optional_policy(` > git_role(user_r, user_t) > ') > > optional_policy(` > + rtkit_daemon_dbus_chat(user_t) > +') > + > +optional_policy(` > screen_role_template(user, user_r, user_t) > ') > > @@ -30,6 +43,7 @@ optional_policy(` > > optional_policy(` > xserver_role(user_r, user_t) > + xdm_dbus_chat(user_t) > ') > > ifndef(`distro_redhat',` > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy