2016-08-10 00:16:09

by guido

Subject: [refpolicy] [PATCH] Update the rtkit module

Update the rtkit daemon module so that the daemon can be started.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/rtkit.te | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

--- refpolicy-git-06082016-orig/policy/modules/contrib/rtkit.te 2016-08-06 21:27:11.420095090 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/rtkit.te 2016-08-10 02:06:22.708084566 +0200
@@ -20,7 +20,7 @@ init_unit_file(rtkit_daemon_unit_t)
# Local policy
#

-allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
+allow rtkit_daemon_t self:capability { dac_read_search setgid setpcap setuid sys_chroot sys_nice sys_ptrace };
allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };

kernel_read_system_state(rtkit_daemon_t)
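
Review bot: the `+` line adds `setpcap` to the `self:capability` set, but the description ("so that the daemon can be started") does not say which operation was denied. Quote the AVC denial that shows `setpcap` being requested by `rtkit_daemon_t` in the commit message, so the new grant can be checked against what the daemon actually does at startup.
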
@@ -37,6 +37,13 @@ logging_send_syslog_msg(rtkit_daemon_t)
miscfiles_read_localization(rtkit_daemon_t)

optional_policy(`
+ gen_require(`
+ type user_t;
+ ')
+ rtkit_daemon_dbus_chat(user_t)
+')
+
+optional_policy(`
dbus_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t)

optional_policy(`
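
Review bot: the new `optional_policy` block pulls `user_t` into rtkit.te with `gen_require`, which ties this module to a type it does not declare and grants D-Bus chat to that one user domain only. Consider moving the `rtkit_daemon_dbus_chat(...)` call into the policy that owns the user domains, or behind a role-based interface, so that rtkit.te needs no `gen_require` and other user domains are handled the same way.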


2016-08-13 13:26:42

by guido

Subject: [refpolicy] [PATCH v2] Update the rtkit module

Update the rtkit daemon module so that the daemon can be started.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/rtkit.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- refpolicy-git-06082016-orig/policy/modules/contrib/rtkit.te 2016-08-06 21:27:11.420095090 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/rtkit.te 2016-08-13 15:06:37.239716395 +0200
@@ -20,7 +20,7 @@ init_unit_file(rtkit_daemon_unit_t)
# Local policy
#

-allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
+allow rtkit_daemon_t self:capability { dac_read_search setgid setpcap setuid sys_chroot sys_nice sys_ptrace };
allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };

kernel_read_system_state(rtkit_daemon_t)
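
Review bot: v2 keeps only this `self:capability` change, yet it carries the same description as v1 and no changelog under the `---` line. Add a short "v2:" note saying that the `rtkit_daemon_dbus_chat(user_t)` block was dropped, so reviewers do not have to diff the two postings to see what changed.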

2016-08-13 13:55:33

by Chris PeBenito

Subject: [refpolicy] [PATCH v2] Update the rtkit module

On 08/13/16 09:26, Guido Trentalancia wrote:
> Update the rtkit daemon module so that the daemon can be started.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/rtkit.te | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- refpolicy-git-06082016-orig/policy/modules/contrib/rtkit.te 2016-08-06 21:27:11.420095090 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/rtkit.te 2016-08-13 15:06:37.239716395 +0200
> @@ -20,7 +20,7 @@ init_unit_file(rtkit_daemon_unit_t)
> # Local policy
> #
>
> -allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
> +allow rtkit_daemon_t self:capability { dac_read_search setgid setpcap setuid sys_chroot sys_nice sys_ptrace };
> allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
>
> kernel_read_system_state(rtkit_daemon_t)
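
Review bot: on the `+` line the existing entries are re-sorted (`setgid` now precedes `setuid`) in the same edit that adds `setpcap`, which hides the one functional change inside a reordering. Either keep the original order and only insert `setpcap`, or say in the description that the sort is cosmetic and `setpcap` is the sole new permission.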

Merged.

--
Chris PeBenito