From: guido@trentalancia.net (Guido Trentalancia) Date: Sun, 21 Aug 2016 21:02:38 +0200 Subject: [refpolicy] [PATCH v3] Update for the gnome policy and file contexts In-Reply-To: <9d30fc6e-3ffa-b966-7bd0-d9bd8c881f4d@gmail.com> References: <1471099545.21480.27.camel@trentalancia.net> <1471296811.28802.0.camel@trentalancia.net> <1471704772.17584.9.camel@trentalancia.net> <9d30fc6e-3ffa-b966-7bd0-d9bd8c881f4d@gmail.com> Message-ID: <1471806158.10168.4.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello. On Sun, 21/08/2016 at 20.49 +0200, Dominick Grift via refpolicy wrote: > On 08/20/2016 04:52 PM, Guido Trentalancia via refpolicy wrote: > > > > Update for the gnome module: > > > > - target the dconf daemon, the gsettings user application, the > > ? gnome-settings-daemon and the at-spi daemon with all the > > ? needed domain transitions; > > - a new gstreamer_orcexec_t type and file context is introduced > > ? to support the OIL Runtime Compiler (ORC) optimized code > > ? execution (used for example by pulseaudio); > > - add support for more permissions needed in gconfd_t and gnome > > ? keyring domains; > > - add support for chat over dbus in the gconfd domain and in the > > ? new domains (dconf, gsettings, etc); > > - add support for a few needed fs and kernel permissions. > > - add support for reading the colord related files in the home > > ? directories (such as the ICC EDID profiles): requires the > > ? recent colord patch; > > - add support for for reading the colord related files in the home > > ? directories in the common user domain template; > > - add support for a new mime_info_t type to be used in the home > > ? directories; > > - includes minor modifications to the consolekit, dbus and > > ? policykit modules to support the new targeted gnome daemons > > ? and applications; > > - modifies the pulseaudio module to introduce new interfaces to > > ? read and write pulseaudio tmpfs files and to use the pulseaudio > > ? file descriptor. > > > > The support for Gnome2/ORBit-2 (version 2) has been dropped. > > if you want me to review this then you have to split this patch into > smaller patches You already reviewed the initial patch. However this new version is much different from it, so you might want to review it again. If you want, I can split it in separate patches, one for each module (colord, consolekit, dbus, gnome, policykit, pulseaudio and userdomain). However, they would be all interdependent, so I can't see much gain in doing that... Is that all right for you ? Regards, Guido