From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1513062450.bc4e25c63e5f4ec7536c59e64867e0ff97b4ffb4.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/dbus.te policy/modules/contrib/devicekit.te policy/modules/contrib/modemmanager.te policy/modules/contrib/networkmanager.te policy/modules/contrib/virt.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: bc4e25c63e5f4ec7536c59e64867e0ff97b4ffb4 X-VCS-Branch: master Date: Tue, 12 Dec 2017 07:59:13 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: b801ceec-9f97-4a1e-9ff8-cc52179bccfd X-Archives-Hash: 4c23734976babdb0cca55c99abaa0539 commit: bc4e25c63e5f4ec7536c59e64867e0ff97b4ffb4 Author: Laurent Bigonville debian org> AuthorDate: Mon Dec 11 10:23:44 2017 +0000 Commit: Jason Zaman gentoo org> CommitDate: Tue Dec 12 07:07:30 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bc4e25c6 Call systemd_write_inherited_logind_inhibit_pipes() where needed Multiple domains need to talk to logind to set inhibits policy/modules/contrib/dbus.te | 2 +- policy/modules/contrib/devicekit.te | 4 ++++ policy/modules/contrib/modemmanager.te | 4 ++++ policy/modules/contrib/networkmanager.te | 1 + policy/modules/contrib/virt.te | 4 ++++ 5 files changed, 14 insertions(+), 1 deletion(-) diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te index 7281c0a4..d7e41c7e 100644 --- a/policy/modules/contrib/dbus.te +++ b/policy/modules/contrib/dbus.te 
@@ -164,8 +164,8 @@ ifdef(`init_systemd', ` optional_policy(` # for /run/systemd/users/* systemd_read_logind_pids(system_dbusd_t) + systemd_write_inherited_logind_inhibit_pipes(system_dbusd_t) systemd_write_inherited_logind_sessions_pipes(system_dbusd_t) - systemd_write_logind_pid_pipes(system_dbusd_t) ') optional_policy(` diff --git a/policy/modules/contrib/devicekit.te b/policy/modules/contrib/devicekit.te index 1730193d..53dff76e 100644 --- a/policy/modules/contrib/devicekit.te +++ b/policy/modules/contrib/devicekit.te @@ -345,6 +345,10 @@ optional_policy(` ') optional_policy(` + systemd_write_inherited_logind_inhibit_pipes(devicekit_power_t) +') + +optional_policy(` udev_read_db(devicekit_power_t) udev_manage_pid_files(devicekit_power_t) ') diff --git a/policy/modules/contrib/modemmanager.te b/policy/modules/contrib/modemmanager.te index 8dcbeead..9e064a40 100644 --- a/policy/modules/contrib/modemmanager.te +++ b/policy/modules/contrib/modemmanager.te @@ -56,3 +56,7 @@ optional_policy(` udev_read_db(modemmanager_t) udev_manage_pid_files(modemmanager_t) ') + +optional_policy(` + systemd_write_inherited_logind_inhibit_pipes(modemmanager_t) +') diff --git a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te index 1aecd329..779b3c69 100644 --- a/policy/modules/contrib/networkmanager.te +++ b/policy/modules/contrib/networkmanager.te @@ -350,6 +350,7 @@ optional_policy(` optional_policy(` systemd_read_logind_sessions_files(NetworkManager_t) + systemd_write_inherited_logind_inhibit_pipes(NetworkManager_t) ') optional_policy(` diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te index de57096e..546f3375 100644 --- a/policy/modules/contrib/virt.te +++ b/policy/modules/contrib/virt.te @@ -818,6 +818,10 @@ optional_policy(` ') optional_policy(` + systemd_write_inherited_logind_inhibit_pipes(virtd_t) +') + +optional_policy(` kernel_read_xen_state(virtd_t) kernel_write_xen_state(virtd_t)
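Review bot: In the dbus.te hunk, the removal of `systemd_write_logind_pid_pipes(system_dbusd_t)` is not explained by the commit message, which only talks about calling `systemd_write_inherited_logind_inhibit_pipes()` where needed. Swapping the broader pid-pipe write for the inherited inhibit-pipe write narrows what system_dbusd_t may do, which is welcome. The message should still say that this is a replacement and why the old access is no longer needed, so that a later AVC denial on the logind pid pipes can be traced back to this commit. The existing comment `# for /run/systemd/users/*` also now sits directly above a block whose second line is about inhibit pipes; a short comment on the new line would keep the block readable.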
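Review bot: In the devicekit.te hunk, the new `optional_policy` block granting `systemd_write_inherited_logind_inhibit_pipes(devicekit_power_t)` carries no comment saying which logind operation needs it. The same applies to the new blocks for modemmanager_t and virtd_t. The commit message's "need to talk to logind to set inhibits" is the only rationale, and it will not be visible to someone auditing the .te files. Suggest a one-line comment in each block, in the style of the `# for /run/systemd/users/*` comment in dbus.te, naming the inhibit use, so that each write permission on a logind-owned pipe has a stated reason next to it. In networkmanager.te the call is added to the existing block beside `systemd_read_logind_sessions_files(NetworkManager_t)`; a comment there would help too.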