commit: 0c11ce5d5e0d54d27e0607a746bab54a45ca09f3
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Thu Feb 15 22:07:08 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 18 11:20:22 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0c11ce5d
Misc dbus fixes from Russell Coker.
policy/modules/system/init.te | 6 +++++-
policy/modules/system/locallogin.te | 3 ++-
policy/modules/system/systemd.te | 13 ++++++++++++-
policy/modules/system/unconfined.te | 6 +++++-
4 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 59c27676..846ab7b5 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,4 +1,4 @@
-policy_module(init, 2.4.0)
+policy_module(init, 2.4.1)
gen_require(`
class passwd rootok;
@@ -488,6 +488,10 @@ optional_policy(`
optional_policy(`
dbus_system_bus_client(init_t)
+
+ optional_policy(`
+ unconfined_dbus_send(init_t)
+ ')
')
optional_policy(`
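Review bot: The nested `unconfined_dbus_send(init_t)` block has no comment saying which D-Bus traffic it covers, and the commit message ("Misc dbus fixes") does not say either; the same applies to `unconfined_dbus_send(systemd_machined_t)` in the systemd.te hunk at -749. Judging by the interface name this is a one-way send permission toward the unconfined domain, which is narrower than a chat interface, but its definition is not visible in this diff. A one-line comment above each call would let a later audit confirm the rule is still needed, for example `# init_t sends D-Bus messages (replies/signals) to unconfined_t callers`; the parenthesised part is a guess and should be checked against the denial that prompted the change. The enclosing `optional_policy` block starts above this hunk.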
diff --git a/policy/modules/system/locallogin.te
b/policy/modules/system/locallogin.te
index 4ea6e87f..f7b428a7 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -1,4 +1,4 @@
-policy_module(locallogin, 1.17.0)
+policy_module(locallogin, 1.17.1)
########################################
#
@@ -137,6 +137,7 @@ userdom_create_all_users_keys(local_login_t)
ifdef(`init_systemd',`
auth_manage_faillog(local_login_t)
+ init_dbus_chat(local_login_t)
systemd_dbus_chat_logind(local_login_t)
systemd_use_logind_fds(local_login_t)
systemd_manage_logind_pid_pipes(local_login_t)
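Review bot: `init_dbus_chat(local_login_t)` is added without a comment, and the same call is added for `systemd_hostnamed_t` in the systemd.te hunk at -308. A chat interface presumably allows messages in both directions between the calling domain and init_t (its definition is outside this diff), so it is worth recording whether both directions were actually denied or only the call towards init. I would add a comment above each line along the lines of `# D-Bus calls to systemd (init_t): <method or AVC reference>`. The init_systemd ifdef block continues below the hunk.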
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index a8d597b5..0f6b4a45 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1,4 +1,4 @@
-policy_module(systemd, 1.5.0)
+policy_module(systemd, 1.5.1)
#########################################
#
@@ -308,6 +308,7 @@ systemd_log_parse_environment(systemd_hostnamed_t)
optional_policy(`
dbus_connect_system_bus(systemd_hostnamed_t)
dbus_system_bus_client(systemd_hostnamed_t)
+ init_dbus_chat(systemd_hostnamed_t)
')
optional_policy(`
@@ -450,6 +451,8 @@ userdom_delete_all_user_runtime_files(systemd_logind_t)
userdom_delete_all_user_runtime_named_pipes(systemd_logind_t)
userdom_delete_all_user_runtime_named_sockets(systemd_logind_t)
userdom_delete_all_user_runtime_symlinks(systemd_logind_t)
+# user_tmp_t is for the dbus-1 directory
+userdom_list_user_tmp(systemd_logind_t)
userdom_manage_user_runtime_dirs(systemd_logind_t)
userdom_manage_user_runtime_root_dirs(systemd_logind_t)
userdom_mounton_user_runtime_dirs(systemd_logind_t)
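Review bot: The comment on `userdom_list_user_tmp(systemd_logind_t)` names the dbus-1 directory, but the interface takes only the domain, so the grant presumably applies to every directory labelled user_tmp_t rather than to that one directory. The comment should say so, so that a reader does not take it for a narrowly scoped rule: `# dbus-1 directory is labelled user_tmp_t; this grants list access on all user_tmp_t dirs`. If logind only needs to traverse to dbus-1, a search-only interface would be the tighter choice, should the userdomain module provide one.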
@@ -479,6 +482,10 @@ optional_policy(`
devicekit_dbus_chat_power(systemd_logind_t)
')
+optional_policy(`
+ modemmanager_dbus_chat(systemd_logind_t)
+')
+
optional_policy(`
networkmanager_dbus_chat(systemd_logind_t)
')
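Review bot: The new `modemmanager_dbus_chat(systemd_logind_t)` block gives no reason for logind to exchange D-Bus messages with ModemManager, unlike the commented user_tmp_t rule added earlier in this file. Presumably it covers ModemManager's use of logind's sleep/inhibit interface, but that is an inference and not something the diff shows. A short comment inside the block, such as `# ModemManager talks to logind (sleep inhibit) - confirm`, would record the intent. The matching `modemmanager_dbus_chat(unconfined_t)` in unconfined.te is less of a concern, since that domain is unconfined anyway.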
@@ -749,6 +756,10 @@ optional_policy(`
allow systemd_machined_t systemd_nspawn_t:dbus send_msg;
dbus_system_bus_client(systemd_nspawn_t)
+
+ optional_policy(`
+ unconfined_dbus_send(systemd_machined_t)
+ ')
')
optional_policy(`
diff --git a/policy/modules/system/unconfined.te
b/policy/modules/system/unconfined.te
index df06aa79..e4d9c1e9 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -1,4 +1,4 @@
-policy_module(unconfined, 3.10.0)
+policy_module(unconfined, 3.10.1)
########################################
#
@@ -115,6 +115,10 @@ optional_policy(`
lvm_run(unconfined_t, unconfined_r)
')
+optional_policy(`
+ modemmanager_dbus_chat(unconfined_t)
+')
+
optional_policy(`
modutils_run(unconfined_t, unconfined_r)
')