commit: 5a8818391194c993b1e0a4b8c2dc758097f8aed3 Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Wed May 10 09:07:26 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Thu May 25 17:03:59 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5a881839
consolekit: introduce consolekit_use_inhibit_lock interface Applications hold FDs while they hold the lock. Implements this API: https://www.freedesktop.org/wiki/Software/systemd/inhibit/ policy/modules/contrib/consolekit.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/contrib/consolekit.if b/policy/modules/contrib/consolekit.if index 5b830ec9..c2c203f1 100644 --- a/policy/modules/contrib/consolekit.if +++ b/policy/modules/contrib/consolekit.if @@ -42,6 +42,25 @@ interface(`consolekit_dbus_chat',` ######################################## ## <summary> +## Take inhibit locks from consolekit +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`consolekit_use_inhibit_lock',` + gen_require(` + type consolekit_t, consolekit_var_run_t; + ') + + allow $1 consolekit_t:fd use; + allow $1 consolekit_var_run_t:fifo_file rw_fifo_file_perms; +') + +######################################## +## <summary> ## Read consolekit log files. ## </summary> ## <param name="domain">
