From: bigon@debian.org (Laurent Bigonville)
Date: Mon, 11 Dec 2017 11:23:44 +0100
Subject: [refpolicy] [PATCH] Call
	systemd_write_inherited_logind_inhibit_pipes() where needed
Message-ID: <20171211102344.24330-1-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

Multiple domains need to talk to logind to set inhibits
---
 dbus.te           | 2 +-
 devicekit.te      | 4 ++++
 modemmanager.te   | 4 ++++
 networkmanager.te | 1 +
 virt.te           | 4 ++++
 5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/dbus.te b/dbus.te
index 5f2199c..282eba4 100644
--- a/dbus.te
+++ b/dbus.te
@@ -158,8 +158,8 @@ ifdef(`init_systemd', `
 optional_policy(`
 	# for /run/systemd/users/*
 	systemd_read_logind_pids(system_dbusd_t)
+	systemd_write_inherited_logind_inhibit_pipes(system_dbusd_t)
 	systemd_write_inherited_logind_sessions_pipes(system_dbusd_t)
-	systemd_write_logind_pid_pipes(system_dbusd_t)
 ')
 
 optional_policy(`
diff --git a/devicekit.te b/devicekit.te
index 1730193..53dff76 100644
--- a/devicekit.te
+++ b/devicekit.te
@@ -344,6 +344,10 @@ optional_policy(`
 	readahead_domtrans(devicekit_power_t)
 ')
 
+optional_policy(`
+	systemd_write_inherited_logind_inhibit_pipes(devicekit_power_t)
+')
+
 optional_policy(`
 	udev_read_db(devicekit_power_t)
 	udev_manage_pid_files(devicekit_power_t)
diff --git a/modemmanager.te b/modemmanager.te
index 8dcbeea..9e064a4 100644
--- a/modemmanager.te
+++ b/modemmanager.te
@@ -56,3 +56,7 @@ optional_policy(`
 	udev_read_db(modemmanager_t)
 	udev_manage_pid_files(modemmanager_t)
 ')
+
+optional_policy(`
+	systemd_write_inherited_logind_inhibit_pipes(modemmanager_t)
+')
diff --git a/networkmanager.te b/networkmanager.te
index 985f734..eb437e8 100644
--- a/networkmanager.te
+++ b/networkmanager.te
@@ -345,6 +345,7 @@ optional_policy(`
 
 optional_policy(`
 	systemd_read_logind_sessions_files(NetworkManager_t)
+	systemd_write_inherited_logind_inhibit_pipes(NetworkManager_t)
 ')
 
 optional_policy(`
diff --git a/virt.te b/virt.te
index 8528761..3bb9b25 100644
--- a/virt.te
+++ b/virt.te
@@ -813,6 +813,10 @@ optional_policy(`
 	sasl_connect(virtd_t)
 ')
 
+optional_policy(`
+	systemd_write_inherited_logind_inhibit_pipes(virtd_t)
+')
+
 optional_policy(`
 	kernel_read_xen_state(virtd_t)
 	kernel_write_xen_state(virtd_t)
-- 
2.15.1