From: guido@trentalancia.net (Guido Trentalancia)
Date: Sun, 14 Aug 2016 21:37:15 +0200
Subject: [refpolicy] [PATCH] Allow dbus to execute binaries
In-Reply-To: <f5b9d69c-96f0-f4ef-1cf0-0df34ab6c304@gmail.com>
References: <395201837.942692.1471122911126.JavaMail.open-xchange@popper02.register.it>
	<f5b9d69c-96f0-f4ef-1cf0-0df34ab6c304@gmail.com>
Message-ID: <1471203435.27146.24.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 14/08/2016 at 11.00 +0200, Dominick Grift wrote:
> On 08/13/2016 11:15 PM, Guido Trentalancia wrote:
> > Update for the dbus module so that it can start.
> 
> What binary are you referring to?

Apparently it tries to execute /bin/false. If it fails, it refuses to
start.

> > Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> > ---
> > ?policy/modules/contrib/dbus.te |????1 +
> > ?1 file changed, 1 insertion(+)
> > 
> > --- refpolicy-git-06082016-orig/policy/modules/contrib/dbus.te	
> > 2016-08-06
> > 21:27:11.344094223 +0200
> > +++ refpolicy-git-06082016/policy/modules/contrib/dbus.te	20
> > 16-08-13
> > 13:20:54.013168684 +0200
> > @@ -91,6 +91,7 @@ kernel_read_kernel_sysctls(system_dbusd_
> > ?corecmd_list_bin(system_dbusd_t)
> > ?corecmd_read_bin_pipes(system_dbusd_t)
> > ?corecmd_read_bin_sockets(system_dbusd_t)
> > +corecmd_exec_bin(system_dbusd_t)
> > ?corecmd_exec_shell(system_dbusd_t)
> > ?
> > ?dev_read_urand(system_dbusd_t)

Best regards,

Guido