From: guido@trentalancia.com (Guido Trentalancia) Date: Wed, 24 May 2017 15:25:02 +0200 Subject: [refpolicy] [PATCH] dbus: let session bus daemon manage user runtime dirs In-Reply-To: <20170524124454.GB1910@julius.enp8s0.d30> References: <1495629542.7394.3.camel@trentalancia.com> <20170524124454.GB1910@julius.enp8s0.d30> Message-ID: <1495632302.13711.0.camel@trentalancia.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 24/05/2017 at 14.44 +0200, Dominick Grift via refpolicy wrote: > On Wed, May 24, 2017 at 02:39:02PM +0200, Guido Trentalancia via > refpolicy wrote: > > Let the session dbus process manage user runtime directories. > > > > Signed-off-by: Guido Trentalancia > > --- > > ?policy/modules/contrib/dbus.te |????2 ++ > > ?1 file changed, 2 insertions(+) > > > > --- a/policy/modules/contrib/dbus.te 2017-04-26 > > 17:47:20.555423022 +0200 > > +++ b/policy/modules/contrib/dbus.te 2017-05-24 > > 14:15:08.786740326 +0200 > > @@ -255,6 +255,8 @@ seutil_read_default_contexts(session_bus > > ? > > ?term_use_all_terms(session_bus_type) > > ? > > +userdom_manage_user_runtime_dirs(session_bus_type) > > + > > is that for "$XDG_RUNTIME_DIR/dbus-1" ? I would probably use a > private type here??(predictable name so name-based type transition is > an option) although i do not know what that dir is used for Yes, this is a very good idea, I'll post a revised version of this patch ! > > ?optional_policy(` > > ? xserver_rw_xsession_log(session_bus_type) > > ? xserver_use_xdm_fds(session_bus_type) Regards, Guido