bboozzoo / rpms / snapd

Forked from rpms/snapd 4 years ago
Clone
Source Code
GIT

Files

  1.   8854fe69004cf2c914121b4200bb7bbb5c4b2ea0
  2.   1003-data-selinux-add-policykit_dbus_chat.patch
Blob Blame History Raw 
From 57a9c3b627a970a73947a2d45d16d0baf4d4f027 Mon Sep 17 00:00:00 2001
From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Date: Mon, 18 Dec 2017 08:09:38 +0100
Subject: [PATCH 1003/1003] data/selinux: add policykit_dbus_chat()

Add an optional policy to allow policykit_dbus_chat(). Enables sending to and
receiving messages from policykit.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
---
 data/selinux/snappy.te | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/selinux/snappy.te b/data/selinux/snappy.te
index 3370fb394..cd2f0fccc 100644
--- a/data/selinux/snappy.te
+++ b/data/selinux/snappy.te
@@ -216,6 +216,7 @@ corenet_udp_sendrecv_dns_port(snappy_t)
 corenet_tcp_connect_dns_port(snappy_t)
 corenet_sendrecv_dns_client_packets(snappy_t)
 
-# allow polkit to reply to snapd
-gen_require(` type policykit_t; class dbus send_msg; ')
-allow policykit_t snappy_t:dbus send_msg;
+# allow communication with polkit over dbus
+optional_policy(`
+  policykit_dbus_chat(snappy_t)
+')
-- 
2.14.3
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.