From: guido@trentalancia.net (Guido Trentalancia) Date: Sat, 13 Aug 2016 22:26:19 +0200 (CEST) Subject: [refpolicy] [PATCH] Allow some dbus chat permissions for the unprivileged user role In-Reply-To: <20160813175916.GA9700@meriadoc.perfinion.com> References: <993078225.954011.1471108361800.JavaMail.open-xchange@popper08.register.it> <20160813175916.GA9700@meriadoc.perfinion.com> Message-ID: <1814849433.942520.1471119979592.JavaMail.open-xchange@popper02.register.it> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello Jason, thanks for pointing this out. > On the 13th of August 2016 at 19.59 Jason Zaman wrote: > > > On Sat, Aug 13, 2016 at 07:12:41PM +0200, guido guido wrote: > > Allow the unprivileged user to chat over dbus with a few > > other domains (e.g. in a gnome session). > > > > Signed-off-by: Guido Trentalancia > > --- > > policy/modules/roles/unprivuser.te | 14 ++++++++++++++ > > These should probably be added to > template(`userdom_common_user_template',` in system/userdomain.if so > that all roles get it. otherwise staff_t wont have them I have now created a new patch against the userdomain module so that these get propagated to different roles. > -- Jason > > > 1 file changed, 14 insertions(+) > > > > --- refpolicy-git-06082016-orig/policy/modules/roles/unprivuser.te > > 2016-08-06 > > 21:26:43.293774259 +0200 > > +++ refpolicy-git-06082016/policy/modules/roles/unprivuser.te 2016-08-13 > > 15:05:58.696124415 +0200 > > @@ -13,14 +13,27 @@ policy_module(unprivuser, 2.6.0) > > userdom_unpriv_user_template(user) > > > > optional_policy(` > > + accountsd_dbus_chat(user_t) > > +') > > + > > +optional_policy(` > > apache_role(user_r, user_t) > > ') > > > > optional_policy(` > > + devicekit_dbus_chat_disk(user_t) > > + devicekit_dbus_chat_power(user_t) > > +') > > + > > +optional_policy(` > > git_role(user_r, user_t) > > ') > > > > optional_policy(` > > + rtkit_daemon_dbus_chat(user_t) > > +') > > + > > +optional_policy(` > > screen_role_template(user, user_r, user_t) > > ') > > > > @@ -30,6 +43,7 @@ optional_policy(` > > > > optional_policy(` > > xserver_role(user_r, user_t) > > + xdm_dbus_chat(user_t) > > ') > > > > ifndef(`distro_redhat',` Best regards, Guido