2017-04-13 23:24:58

by guido

[permalink] [raw]
Subject: [refpolicy] [PATCH 4/10] dbus: add process getcap permission

Update the dbus module with a new permission.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/dbus.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- refpolicy-2.20170204-orig/policy/modules/contrib/dbus.te 2017-02-04 19:30:39.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/contrib/dbus.te 2017-04-13 11:46:29.263364408 +0200
@@ -170,7 +171,7 @@ optional_policy(`
#

dontaudit session_bus_type self:capability sys_resource;
-allow session_bus_type self:process { getattr sigkill signal };
+allow session_bus_type self:process { getattr getcap sigkill signal };
dontaudit session_bus_type self:process { ptrace setrlimit };
allow session_bus_type self:file { getattr read write };
allow session_bus_type self:fifo_file rw_fifo_file_perms;