Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   I think we need to have a good look at polkit in f18 (http://www.linux-archive.org/fedora-selinux-support/701670-i-think-we-need-have-good-look-polkit-f18.html)

Dominick Grift 09-08-2012 09:37 AM
I think we need to have a good look at polkit in f18
 
I noticed some paths changed like :

+/usr/lib/polkit-1/polkit-agent-helper-1 --
gen_context(system_u:object_r:policykit_auth_exec_ t,s0)
+/usr/lib/polkit-1/polkitd --
gen_context(system_u:object_r:policykit_exec_t,s0)

But also stuff like:

/usr/libexec/polkit-gnome-authentication-agent-1

polkit-kde has its own

also might want to take a look at:

gksu-polkit
lxpolkit

etc:

i noticed this when i was writing policy in f18.

I also had to add stuff like:

-allow policykit_t self:process getattr;
+allow policykit_t self:process { execmem getattr getsched setsched };

+dev_search_sysfs(policykit_t)

+optional_policy(`
+ dbus_connect_system_bus(policykit_t)
+ dbus_system_bus_client(policykit_t)
+
+ systemd_dbus_chat_logind(policykit_t)
+')

and some more.

It obviously needs some attention

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dominick Grift 09-08-2012 03:19 PM
I think we need to have a good look at polkit in f18
 
Never mind most of this. Its there and so i must have overlooked

On Sat, 2012-09-08 at 11:37 +0200, Dominick Grift wrote:
> I noticed some paths changed like :
>
> +/usr/lib/polkit-1/polkit-agent-helper-1 --
> gen_context(system_u:object_r:policykit_auth_exec_ t,s0)
> +/usr/lib/polkit-1/polkitd --
> gen_context(system_u:object_r:policykit_exec_t,s0)
>
> But also stuff like:
>
> /usr/libexec/polkit-gnome-authentication-agent-1
>
> polkit-kde has its own
>
> also might want to take a look at:
>
> gksu-polkit
> lxpolkit
>
> etc:
>
> i noticed this when i was writing policy in f18.
>
> I also had to add stuff like:
>
> -allow policykit_t self:process getattr;
> +allow policykit_t self:process { execmem getattr getsched setsched };
>
> +dev_search_sysfs(policykit_t)
>
> +optional_policy(`
> + dbus_connect_system_bus(policykit_t)
> + dbus_system_bus_client(policykit_t)
> +
> + systemd_dbus_chat_logind(policykit_t)
> +')
>
> and some more.
>
> It obviously needs some attention
>


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux


All times are GMT. The time now is 02:37 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.