From: jason@perfinion.com (Jason Zaman) Date: Tue, 6 Sep 2016 17:18:42 +0800 Subject: [refpolicy] [PATCH v4] Update for the gnome policy and file contexts In-Reply-To: <1472909664.1560.6.camel@trentalancia.net> References: <1471099545.21480.27.camel@trentalancia.net> <1471296811.28802.0.camel@trentalancia.net> <1471704772.17584.9.camel@trentalancia.net> <1471894798.19333.1.camel@trentalancia.net> <20160901042035.GA23615@meriadoc.perfinion.com> <1472722380.6210.17.camel@trentalancia.net> <20160901115329.GA9845@meriadoc.perfinion.com> <1472732930.30863.18.camel@trentalancia.net> <20160901140602.GA2268@meriadoc.perfinion.com> <1472740839.17989.11.camel@trentalancia.net> <20160901152110.GA13593@meriadoc.perfinion.com> <1472909664.1560.6.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com > On Thu, 01/09/2016 at 23.21 +0800, Jason Zaman wrote: > > Why cant you just prefix the atspi domains too? > > type_transition staff_atspi_t dbusd_exec_t:process staff_dbusd_t; > > type_transition user_atspi_t dbusd_exec_t:process user_dbusd_t; > > The latter (prefixing the other domains, such as at_spi, that at some > point need to transition back to the user domain) solved the problem > that I was experiencing ! > > Brilliant idea... Thanks very much for your advice !! > > Unfortunately, I don't know if I can really update this patch for the > mailing list and resubmit it, because there are very strict > requirements on its length. > > It's a shame, but I cannot split it in several parts because this patch > is made of highly interdependent bits... Great that it works! Can you rebase the patch on master then send me the file directly (not to the list since it's big). Then I can take a look and comment. If this works well for dbus session programs we probably want to make a few templates to handle the common stuff first. Then we can do the specific patches separately for atspi and the other programs afterwards. It's a big change but I'm sure we can figure out a good way to organise it. I use xfce so will check if there are more things that use dbus so we can make the templates good for everything at the same time. -- Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20160906/6f094538/attachment.html