From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 24 May 2017 15:25:02 +0200
Subject: [refpolicy] [PATCH] dbus: let session bus daemon manage user
 runtime dirs
In-Reply-To: <20170524124454.GB1910@julius.enp8s0.d30>
References: <1495629542.7394.3.camel@trentalancia.com>
	<20170524124454.GB1910@julius.enp8s0.d30>
Message-ID: <1495632302.13711.0.camel@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 24/05/2017 at 14.44 +0200, Dominick Grift via
refpolicy wrote:
> On Wed, May 24, 2017 at 02:39:02PM +0200, Guido Trentalancia via
> refpolicy wrote:
> > Let the session dbus process manage user runtime directories.
> > 
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> > ---
> > ?policy/modules/contrib/dbus.te |????2 ++
> > ?1 file changed, 2 insertions(+)
> > 
> > --- a/policy/modules/contrib/dbus.te	2017-04-26
> > 17:47:20.555423022 +0200
> > +++ b/policy/modules/contrib/dbus.te	2017-05-24
> > 14:15:08.786740326 +0200
> > @@ -255,6 +255,8 @@ seutil_read_default_contexts(session_bus
> > ?
> > ?term_use_all_terms(session_bus_type)
> > ?
> > +userdom_manage_user_runtime_dirs(session_bus_type)
> > +
> 
> is that for "$XDG_RUNTIME_DIR/dbus-1" ? I would probably use a
> private type here??(predictable name so name-based type transition is
> an option) although i do not know what that dir is used for

Yes, this is a very good idea, I'll post a revised version of this
patch !

> > ?optional_policy(`
> > ?	xserver_rw_xsession_log(session_bus_type)
> > ?	xserver_use_xdm_fds(session_bus_type)

Regards,

Guido