From: dac.override@gmail.com (Dominick Grift)
Date: Sun, 14 Aug 2016 21:40:32 +0200
Subject: [refpolicy] [PATCH] Allow dbus to execute binaries
In-Reply-To: <1471203435.27146.24.camel@trentalancia.net>
References: <395201837.942692.1471122911126.JavaMail.open-xchange@popper02.register.it>
	<f5b9d69c-96f0-f4ef-1cf0-0df34ab6c304@gmail.com>
	<1471203435.27146.24.camel@trentalancia.net>
Message-ID: <e2cfb5e0-4dda-889a-a9be-1128a0d98d6f@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/14/2016 09:37 PM, Guido Trentalancia wrote:
> On Sun, 14/08/2016 at 11.00 +0200, Dominick Grift wrote:
>> On 08/13/2016 11:15 PM, Guido Trentalancia wrote:
>>> Update for the dbus module so that it can start.
>>
>> What binary are you referring to?
> 
> Apparently it tries to execute /bin/false. If it fails, it refuses to
> start.
> 

Oh sorry i overlooked this reply. I can't reproduce this. Please
reproduce and enclose the avc denial. This shouldnt be needed in my
experience.

>>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
>>> ---
>>>  policy/modules/contrib/dbus.te |    1 +
>>>  1 file changed, 1 insertion(+)
>>>
>>> --- refpolicy-git-06082016-orig/policy/modules/contrib/dbus.te	
>>> 2016-08-06
>>> 21:27:11.344094223 +0200
>>> +++ refpolicy-git-06082016/policy/modules/contrib/dbus.te	20
>>> 16-08-13
>>> 13:20:54.013168684 +0200
>>> @@ -91,6 +91,7 @@ kernel_read_kernel_sysctls(system_dbusd_
>>>  corecmd_list_bin(system_dbusd_t)
>>>  corecmd_read_bin_pipes(system_dbusd_t)
>>>  corecmd_read_bin_sockets(system_dbusd_t)
>>> +corecmd_exec_bin(system_dbusd_t)
>>>  corecmd_exec_shell(system_dbusd_t)
>>>  
>>>  dev_read_urand(system_dbusd_t)
> 
> Best regards,
> 
> Guido
> 


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20160814/9f654707/attachment-0001.bin