FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 09-08-2012, 09:37 AM
Dominick Grift
 
Default I think we need to have a good look at polkit in f18

I noticed some paths changed like :

+/usr/lib/polkit-1/polkit-agent-helper-1 --
gen_context(system_ubject_rolicykit_auth_exec_ t,s0)
+/usr/lib/polkit-1/polkitd --
gen_context(system_ubject_rolicykit_exec_t,s0)

But also stuff like:

/usr/libexec/polkit-gnome-authentication-agent-1

polkit-kde has its own

also might want to take a look at:

gksu-polkit
lxpolkit

etc:

i noticed this when i was writing policy in f18.

I also had to add stuff like:

-allow policykit_t selfrocess getattr;
+allow policykit_t selfrocess { execmem getattr getsched setsched };

+dev_search_sysfs(policykit_t)

+optional_policy(`
+ dbus_connect_system_bus(policykit_t)
+ dbus_system_bus_client(policykit_t)
+
+ systemd_dbus_chat_logind(policykit_t)
+')

and some more.

It obviously needs some attention

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 09-08-2012, 03:19 PM
Dominick Grift
 
Default I think we need to have a good look at polkit in f18

Never mind most of this. Its there and so i must have overlooked

On Sat, 2012-09-08 at 11:37 +0200, Dominick Grift wrote:
> I noticed some paths changed like :
>
> +/usr/lib/polkit-1/polkit-agent-helper-1 --
> gen_context(system_ubject_rolicykit_auth_exec_ t,s0)
> +/usr/lib/polkit-1/polkitd --
> gen_context(system_ubject_rolicykit_exec_t,s0)
>
> But also stuff like:
>
> /usr/libexec/polkit-gnome-authentication-agent-1
>
> polkit-kde has its own
>
> also might want to take a look at:
>
> gksu-polkit
> lxpolkit
>
> etc:
>
> i noticed this when i was writing policy in f18.
>
> I also had to add stuff like:
>
> -allow policykit_t selfrocess getattr;
> +allow policykit_t selfrocess { execmem getattr getsched setsched };
>
> +dev_search_sysfs(policykit_t)
>
> +optional_policy(`
> + dbus_connect_system_bus(policykit_t)
> + dbus_system_bus_client(policykit_t)
> +
> + systemd_dbus_chat_logind(policykit_t)
> +')
>
> and some more.
>
> It obviously needs some attention
>


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 10:15 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org