From: guido@trentalancia.net (Guido Trentalancia) Date: Wed, 19 Apr 2017 15:47:15 +0200 Subject: [refpolicy] [PATCH] second strict patch In-Reply-To: <201704192336.03913.russell@coker.com.au> References: <20170419110059.edrv6goiv2xwrnvk@athena.coker.com.au> <1492603989.4994.1.camel@trentalancia.net> <201704192336.03913.russell@coker.com.au> Message-ID: <1492609635.4994.19.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 19/04/2017 at 23.36 +1000, Russell Coker wrote: > On Wed, 19 Apr 2017 10:13:09 PM Guido Trentalancia via refpolicy > wrote: > > >?????? allow $3 { gconf_home_t gconf_tmp_t }:dir { > manage_dir_perms > > > relabel_dir_perms }; > > >?????? allow $3 { gconf_home_t gconf_tmp_t }:file { > > > manage_file_perms relabel_file_perms }; > > > +???? allow $3 gconfd_t:dbus send_msg; > > > +???? allow gconfd_t $3:dbus send_msg; > > >?????? userdom_user_home_dir_filetrans($3, gconf_home_t, dir, > > > ".gconf") > > >?????? userdom_user_home_dir_filetrans($3, gconf_home_t, dir, > > > ".gconfd") > > >?? > >? > > The above permission for gconfd to chat over dbus is the same that > I > > have recently added in the following patch: > >? > > http://oss.tresys.com/pipermail/refpolicy/2017-April/009286.html > >? > > It is not advisable to add the same permission twice. Did you not > see > > the patch that I posted ? > > I don't have time to read all the patches that are applied. > > I generate my patches against the git repository which doesn't appear > to have? > a patch for this. Yes, that's fine, I also lack the time to read everything. But now, you understand that I did submit such patch before you submitted yours... Regards, Guido