From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id F062B1389E2 for ; Tue, 2 Dec 2014 13:38:21 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 80B51E087E; Tue, 2 Dec 2014 13:38:21 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2B2AEE087E for ; Tue, 2 Dec 2014 13:38:20 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 91B8E3405FE for ; Tue, 2 Dec 2014 13:38:19 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 3D8C7B5AD for ; Tue, 2 Dec 2014 13:38:18 +0000 (UTC) From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1417527306.59a3260e881ac62c74ff0882ea9945843614bfcf.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:userroles commit in: policy/modules/roles/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/roles/staff.te policy/modules/roles/unprivuser.te X-VCS-Directories: policy/modules/roles/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 59a3260e881ac62c74ff0882ea9945843614bfcf X-VCS-Branch: userroles Date: Tue, 2 Dec 2014 13:38:18 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 5b6fbf77-1f4d-4631-a0a6-ea67fc363dbb X-Archives-Hash: d2e4ecd4077e89691d5645bd290dab4e commit: 59a3260e881ac62c74ff0882ea9945843614bfcf Author: Jason Zaman perfinion com> AuthorDate: Tue Dec 2 12:00:05 2014 +0000 Commit: Jason Zaman perfinion com> CommitDate: Tue Dec 2 13:35:06 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=59a3260e Allow users to talk to devicekit Needed to read battery status and disk info. type=USER_AVC msg=audit(1417367573.060:234): pid=3121 uid=101 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.UPower member=DeviceChanged dest=org.freedesktop.DBus spid=3606 tpid=3858 scontext=system_u:system_r:devicekit_power_t tcontext=staff_u:staff_r:staff_t tclass=dbus exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1417363447.011:103525): pid=3339 uid=101 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.DBus.Properties member=PropertiesChanged dest=org.freedesktop.DBus spid=4094 tpid=4090 scontext=system_u:system_r:devicekit_disk_t tcontext=staff_u:staff_r:staff_t tclass=dbus exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' --- policy/modules/roles/staff.te | 5 +++++ policy/modules/roles/unprivuser.te | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te index 70e5a75..ae8469c 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -200,6 +200,11 @@ ifdef(`distro_gentoo',` ') optional_policy(` + devicekit_dbus_chat_disk(staff_t) + devicekit_dbus_chat_power(staff_t) + ') + + optional_policy(` dropbox_role(staff_t, staff_r) ') diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te index b07fef1..255ceae 100644 --- a/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te @@ -185,6 +185,11 @@ ifdef(`distro_gentoo',` ') optional_policy(` + devicekit_dbus_chat_disk(user_t) + devicekit_dbus_chat_power(user_t) + ') + + optional_policy(` dropbox_role(user_r, user_t) ')