From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-989927-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 9BF4B138806
	for <garchives@archives.gentoo.org>; Tue, 12 Dec 2017 07:59:30 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 6FA2AE0FD5;
	Tue, 12 Dec 2017 07:59:18 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 2C2CEE0FD5
	for <gentoo-commits@lists.gentoo.org>; Tue, 12 Dec 2017 07:59:18 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 2026C33FE49
	for <gentoo-commits@lists.gentoo.org>; Tue, 12 Dec 2017 07:59:17 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id A2E41AE92
	for <gentoo-commits@lists.gentoo.org>; Tue, 12 Dec 2017 07:59:13 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1513062450.bc4e25c63e5f4ec7536c59e64867e0ff97b4ffb4.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/dbus.te policy/modules/contrib/devicekit.te policy/modules/contrib/modemmanager.te policy/modules/contrib/networkmanager.te policy/modules/contrib/virt.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: bc4e25c63e5f4ec7536c59e64867e0ff97b4ffb4
X-VCS-Branch: master
Date: Tue, 12 Dec 2017 07:59:13 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: b801ceec-9f97-4a1e-9ff8-cc52179bccfd
X-Archives-Hash: 4c23734976babdb0cca55c99abaa0539

commit:     bc4e25c63e5f4ec7536c59e64867e0ff97b4ffb4
Author:     Laurent Bigonville <bigon <AT> debian <DOT> org>
AuthorDate: Mon Dec 11 10:23:44 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Dec 12 07:07:30 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bc4e25c6

Call systemd_write_inherited_logind_inhibit_pipes() where needed

Multiple domains need to talk to logind to set inhibits

 policy/modules/contrib/dbus.te           | 2 +-
 policy/modules/contrib/devicekit.te      | 4 ++++
 policy/modules/contrib/modemmanager.te   | 4 ++++
 policy/modules/contrib/networkmanager.te | 1 +
 policy/modules/contrib/virt.te           | 4 ++++
 5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
index 7281c0a4..d7e41c7e 100644
--- a/policy/modules/contrib/dbus.te
+++ b/policy/modules/contrib/dbus.te
@@ -164,8 +164,8 @@ ifdef(`init_systemd', `
 optional_policy(`
 	# for /run/systemd/users/*
 	systemd_read_logind_pids(system_dbusd_t)
+	systemd_write_inherited_logind_inhibit_pipes(system_dbusd_t)
 	systemd_write_inherited_logind_sessions_pipes(system_dbusd_t)
-	systemd_write_logind_pid_pipes(system_dbusd_t)
 ')
 
 optional_policy(`

diff --git a/policy/modules/contrib/devicekit.te b/policy/modules/contrib/devicekit.te
index 1730193d..53dff76e 100644
--- a/policy/modules/contrib/devicekit.te
+++ b/policy/modules/contrib/devicekit.te
@@ -345,6 +345,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	systemd_write_inherited_logind_inhibit_pipes(devicekit_power_t)
+')
+
+optional_policy(`
 	udev_read_db(devicekit_power_t)
 	udev_manage_pid_files(devicekit_power_t)
 ')

diff --git a/policy/modules/contrib/modemmanager.te b/policy/modules/contrib/modemmanager.te
index 8dcbeead..9e064a40 100644
--- a/policy/modules/contrib/modemmanager.te
+++ b/policy/modules/contrib/modemmanager.te
@@ -56,3 +56,7 @@ optional_policy(`
 	udev_read_db(modemmanager_t)
 	udev_manage_pid_files(modemmanager_t)
 ')
+
+optional_policy(`
+	systemd_write_inherited_logind_inhibit_pipes(modemmanager_t)
+')

diff --git a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te
index 1aecd329..779b3c69 100644
--- a/policy/modules/contrib/networkmanager.te
+++ b/policy/modules/contrib/networkmanager.te
@@ -350,6 +350,7 @@ optional_policy(`
 
 optional_policy(`
 	systemd_read_logind_sessions_files(NetworkManager_t)
+	systemd_write_inherited_logind_inhibit_pipes(NetworkManager_t)
 ')
 
 optional_policy(`

diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index de57096e..546f3375 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -818,6 +818,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	systemd_write_inherited_logind_inhibit_pipes(virtd_t)
+')
+
+optional_policy(`
 	kernel_read_xen_state(virtd_t)
 	kernel_write_xen_state(virtd_t)