From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 19 Apr 2017 14:13:09 +0200
Subject: [refpolicy] [PATCH] second strict patch
In-Reply-To: <20170419110059.edrv6goiv2xwrnvk@athena.coker.com.au>
References: <20170419110059.edrv6goiv2xwrnvk@athena.coker.com.au>
Message-ID: <1492603989.4994.1.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Also, I am already adding a permission in a patch that I recently posted...

Please see below.

On Wed, 19/04/2017 at 21.00 +1000, Russell Coker via refpolicy wrote:
> This is the rest of my policy that was developed on "strict" systems.  It also
> has no inter-dependencies with other patches.  I included the interface
> xdm_sigchld() in this patch as well so it can be applied on its own, this
> means that it conflicts with the login patch.
>
> Chris, maybe even if you don't apply this patch or the login patch in the
> near future you could add the xdm_sigchld() interface so that both patches
> can be complete and working and not conflict.
>
> Index: refpolicy-2.20170419/policy/modules/contrib/gnome.if > =================================================================== > --- refpolicy-2.20170419.orig/policy/modules/contrib/gnome.if > +++ refpolicy-2.20170419/policy/modules/contrib/gnome.if 
> @@ -76,6 +76,8 @@ template(`gnome_role_template',` > ? > ? allow $3 { gconf_home_t gconf_tmp_t }:dir { manage_dir_perms > relabel_dir_perms }; > ? allow $3 { gconf_home_t gconf_tmp_t }:file { > manage_file_perms relabel_file_perms }; > + allow $3 gconfd_t:dbus send_msg; > + allow gconfd_t $3:dbus send_msg; > ? userdom_user_home_dir_filetrans($3, gconf_home_t, dir, > ".gconf") > ? userdom_user_home_dir_filetrans($3, gconf_home_t, dir, > ".gconfd") > ?

The above permission for gconfd to chat over dbus is the same that I have recently added in the following patch:

http://oss.tresys.com/pipermail/refpolicy/2017-April/009286.html

It is not advisable to add the same permission twice.

Did you not see the patch that I posted?

Regards,

Guido
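
Review bot: The two added rules in gnome_role_template, "allow $3 gconfd_t:dbus send_msg;" and "allow gconfd_t $3:dbus send_msg;", are reported in this thread to duplicate the permission already proposed in http://oss.tresys.com/pipermail/refpolicy/2017-April/009286.html, so they should be dropped from this hunk or the patch rebased on that one, leaving the rule defined in a single place. If they stay, they sit between the gconf_home_t/gconf_tmp_t file rules and the userdom_user_home_dir_filetrans() calls with no comment; a one-line comment stating that $3 and gconfd_t exchange D-Bus messages in both directions would document why the template grants send_msg each way to every role domain it is instantiated for.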