From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id A05E0138A1F for ; Thu, 17 Apr 2014 19:04:34 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id AE0C1E0AB4; Thu, 17 Apr 2014 19:04:33 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E6619E0AB4 for ; Thu, 17 Apr 2014 19:04:32 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id DEB2034037C for ; Thu, 17 Apr 2014 19:04:31 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id 8A0E4181AA for ; Thu, 17 Apr 2014 19:04:30 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1397761328.1b3f7528b59220920ac2b66e3e5fd2aa960c4c5e.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/gnome.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 1b3f7528b59220920ac2b66e3e5fd2aa960c4c5e X-VCS-Branch: master Date: Thu, 17 Apr 2014 19:04:30 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 79532ad7-81c2-4beb-8b81-ba8745334f8c X-Archives-Hash: 3ae77d3d07c26dbbc72356c49355358b commit: 1b3f7528b59220920ac2b66e3e5fd2aa960c4c5e Author: Laurent Bigonville bigon be> AuthorDate: Fri Apr 11 17:27:15 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Thu Apr 17 19:02:08 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1b3f7528 Allow gconfd to be started by the session bus Allow gconfd to be started by the session bus and make it transition to its own domain. It also connects to the system bus to listen to signals from org.gnome.GConf.Defaults interface --- policy/modules/contrib/gnome.te | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te index 0b45360..e6fe219 100644 --- a/policy/modules/contrib/gnome.te +++ b/policy/modules/contrib/gnome.te @@ -97,6 +97,12 @@ userdom_manage_user_tmp_dirs(gconfd_t) userdom_tmp_filetrans_user_tmp(gconfd_t, dir) optional_policy(` + dbus_all_session_domain(gconfd_t, gconfd_exec_t) + + dbus_system_bus_client(gconfd_t) +') + +optional_policy(` nscd_dontaudit_search_pid(gconfd_t) ')