commit: 253e430e534a8ad537b55b4fb3f4465e489d8d7d
Author: Russell Coker <russell <AT> coker <DOT> com <DOT> au>
AuthorDate: Mon Sep 22 11:30:00 2025 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Nov 16 00:13:57 2025 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=253e430e
Some small patches for accountsd
Signed-off-by: Russell Coker <russell <AT> coker.com.au>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/services/accountsd.te | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/policy/modules/services/accountsd.te
b/policy/modules/services/accountsd.te
index 37ca80419..27a2a0597 100644
--- a/policy/modules/services/accountsd.te
+++ b/policy/modules/services/accountsd.te
@@ -23,8 +23,8 @@ files_type(accountsd_var_lib_t)
# Local policy
#
-allow accountsd_t self:capability { chown dac_override setgid setuid
sys_ptrace };
-allow accountsd_t self:process signal;
+allow accountsd_t self:capability { chown dac_override setgid setuid
sys_ptrace sys_nice };
+allow accountsd_t self:process { signal getsched setsched };
allow accountsd_t self:fifo_file rw_fifo_file_perms;
allow accountsd_t self:passwd { chfn chsh passwd rootok };
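Review bot: The widened `allow accountsd_t self:capability` rule adds `sys_nice` with no comment, and the commit message ("Some small patches") does not record which operation or AVC denial required it. accountsd_t already holds `chown`, `dac_override`, `setgid`, `setuid` and `sys_ptrace`, so each additional capability on this domain should carry a stated reason. If the denial comes from a library merely attempting to adjust priority at startup (inferred, the triggering AVC is not shown), `dontaudit accountsd_t self:capability sys_nice;` would be the narrower answer while keeping `getsched`. Otherwise add a comment above the rule such as `# accounts-daemon adjusts its own scheduling priority (AVC: <denial placeholder>)`.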
@@ -51,6 +51,8 @@ auth_use_nsswitch(accountsd_t)
auth_read_login_records(accountsd_t)
auth_read_shadow(accountsd_t)
+init_search_units(accountsd_t)
+
miscfiles_read_localization(accountsd_t)
logging_list_logs(accountsd_t)
@@ -72,6 +74,10 @@ optional_policy(`
policykit_dbus_chat(accountsd_t)
')
+optional_policy(`
+ unconfined_dbus_send(accountsd_t)
+')
+
optional_policy(`
xserver_read_xdm_tmp_files(accountsd_t)
')
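Review bot: The new `unconfined_dbus_send(accountsd_t)` block carries no comment saying which D-Bus traffic it covers, while the neighbouring policykit block uses the bidirectional `policykit_dbus_chat` form, so a reader cannot tell whether send-only is deliberate. If the intent is to let the daemon deliver replies or signals to unconfined callers (inferred, not shown in the hunk), record that inside the block, e.g. `# replies/signals to clients running as unconfined_t`. The same applies to `init_search_units(accountsd_t)` in the previous hunk, which is also added without a rationale.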