I noticed some paths changed like :

+/usr/lib/polkit-1/polkit-agent-helper-1 --
gen_context(system_ubject_rolicykit_auth_exec_ t,s0)
+/usr/lib/polkit-1/polkitd --
gen_context(system_ubject_rolicykit_exec_t,s0)

But also stuff like:

/usr/libexec/polkit-gnome-authentication-agent-1

polkit-kde has its own

also might want to take a look at:

gksu-polkit
lxpolkit

etc:

i noticed this when i was writing policy in f18.

I also had to add stuff like:

-allow policykit_t selfrocess getattr;
+allow policykit_t selfrocess { execmem getattr getsched setsched };

+dev_search_sysfs(policykit_t)

+optional_policy(`
+ dbus_connect_system_bus(policykit_t)
+ dbus_system_bus_client(policykit_t)
+
+ systemd_dbus_chat_logind(policykit_t)
+')

and some more.

It obviously needs some attention

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Never mind most of this. Its there and so i must have overlooked

On Sat, 2012-09-08 at 11:37 +0200, Dominick Grift wrote:
> I noticed some paths changed like :
>
> +/usr/lib/polkit-1/polkit-agent-helper-1 --
> gen_context(system_ubject_rolicykit_auth_exec_ t,s0)
> +/usr/lib/polkit-1/polkitd --
> gen_context(system_ubject_rolicykit_exec_t,s0)
>
> But also stuff like:
>
> /usr/libexec/polkit-gnome-authentication-agent-1
>
> polkit-kde has its own
>
> also might want to take a look at:
>
> gksu-polkit
> lxpolkit
>
> etc:
>
> i noticed this when i was writing policy in f18.
>
> I also had to add stuff like:
>
> -allow policykit_t selfrocess getattr;
> +allow policykit_t selfrocess { execmem getattr getsched setsched };
>
> +dev_search_sysfs(policykit_t)
>
> +optional_policy(`
> + dbus_connect_system_bus(policykit_t)
> + dbus_system_bus_client(policykit_t)
> +
> + systemd_dbus_chat_logind(policykit_t)
> +')
>
> and some more.
>
> It obviously needs some attention
>


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux