From: dac.override@gmail.com (Dominick Grift)
Date: Fri, 26 May 2017 18:16:40 +0200
Subject: [refpolicy] [PATCH 1/4] consolekit: introduce
consolekit_use_inhibit_lock interface
In-Reply-To: <20170526161054.15183-2-jason@perfinion.com>
References: <20170526161054.15183-1-jason@perfinion.com>
<20170526161054.15183-2-jason@perfinion.com>
Message-ID: <20170526161640.GA30439@julius.enp8s0.d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On Sat, May 27, 2017 at 12:10:51AM +0800, Jason Zaman via refpolicy wrote:
> Applications hold FDs while they hold the lock.
> Implements this API:
> https://www.freedesktop.org/wiki/Software/systemd/inhibit/
> ---
> consolekit.if | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/consolekit.if b/consolekit.if
> index 5b830ec..c2c203f 100644
> --- a/consolekit.if
> +++ b/consolekit.if
> @@ -42,6 +42,25 @@ interface(`consolekit_dbus_chat',`
>
> ########################################
> ##
> +## Take inhibit locks from consolekit
> +##
> +##
> +##
> +## Domain allowed access.
> +##
> +##
> +#
> +interface(`consolekit_use_inhibit_lock',`
> + gen_require(`
> + type consolekit_t, consolekit_var_run_t;
> + ')
> +
> + allow $1 consolekit_t:fd use;
> + allow $1 consolekit_var_run_t:fifo_file rw_fifo_file_perms;
I suppose my personal preference would be consolekit_rw_inherited_runtime_fifo_files():
allow $1 consolekit_t:fd use;
allow $1 consolekit_var_run_t:fifo_file rw_inherited_fifo_file_perms;
But consolekit_use_inhibit_lock() sounds fine as well...
> +')
> +
> +########################################
> +##
> ## Read consolekit log files.
> ##
> ##
> --
> 2.13.0
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20170526/f53b786b/attachment.bin