From 58cc9903ddf80efa36df86f036dfacfcbfba251c Mon Sep 17 00:00:00 2001
From: LABBE Corentin
Date: Tue, 18 Aug 2009 17:06:54 +0200
Subject: [PATCH 1/5] Missing comma in policykit
---
 policy/modules/services/policykit.if | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/services/policykit.if b/policy/modules/services/policykit.if
index 1ade30602..4dbbc70e7 100644
--- a/policy/modules/services/policykit.if
+++ b/policy/modules/services/policykit.if
@@ -167,7 +167,7 @@ interface(`policykit_domtrans_resolve',`
 domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t)
- ps_process_pattern(policykit_resolve_t $1)
+ ps_process_pattern(policykit_resolve_t, $1)
 ')
 ########################################
From 755c52b8f7d784f74f70a0b1ae36f677660473a9 Mon Sep 17 00:00:00 2001
From: LABBE Corentin
Date: Tue, 18 Aug 2009 17:06:55 +0200
Subject: [PATCH 2/5] portage need capability sys_nice
---
 policy/modules/admin/portage.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 26b2572c2..1d176ab9a 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -119,6 +119,7 @@ optional_policy(`
 # - setfscreate for merging to live fs
 # - setexec to run portage fetch
 allow portage_t self:process { setfscreate setexec };
+allow portage_t self:capability sys_nice;
 allow portage_t portage_log_t:file manage_file_perms;
 logging_log_filetrans(portage_t, portage_log_t, file)
From 0d700b0fa15287a4e9f06b5296e75684a7119903 Mon Sep 17 00:00:00 2001
From: LABBE Corentin
Date: Tue, 18 Aug 2009 17:06:56 +0200
Subject: [PATCH 3/5] Gentoo dbus in libexec
---
 policy/modules/services/dbus.fc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/services/dbus.fc b/policy/modules/services/dbus.fc
index a88652f37..31b7e0659 100644
--- a/policy/modules/services/dbus.fc
+++ b/policy/modules/services/dbus.fc
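Review bot: The added `allow portage_t self:capability sys_nice;` in policy/modules/admin/portage.te (patch 2/5) carries no rationale, and it sits directly under a comment block that explains only the `setfscreate` and `setexec` process permissions. sys_nice is broader than a domain lowering its own nice value: it also covers real-time scheduling policies and, subject to the process-class rules, the priority and CPU affinity of other processes, so anyone auditing the domain needs to know which operation triggered the denial. I would put a comment on the rule itself, for example `# sys_nice: <operation that raised the AVC denial>`, filled in from the audit log. If the request turns out to be an optional renice that portage tolerates failing, `dontaudit portage_t self:capability sys_nice;` would keep the domain tighter; that cannot be decided from this hunk, whose surrounding rules continue outside it.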
@@ -6,6 +6,7 @@
 /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 /var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
From 62c80e2546a7e632390486e0815e9dc2e3a21b7a Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 18 Aug 2009 13:20:01 -0400
Subject: [PATCH 4/5] module version bumps and changelog update for the previous 3 commits.
---
 Changelog | 1 +
 policy/modules/admin/portage.te | 2 +-
 policy/modules/services/dbus.te | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Changelog b/Changelog
index c291c2807..28115b8d1 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Misc Gentoo fixes from Corentin Labbe.
 - Debian policykit fixes from Martin Orr.
 - Fix unconfined_r use of unconfined_java_t.
 - Add missing x_device rules for XI2 functions, from Eamon Walsh.
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 1d176ab9a..c3154d12e 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -1,5 +1,5 @@
-policy_module(portage, 1.8.0)
+policy_module(portage, 1.8.1)
 ########################################
 #
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index 8c8395ad2..aa857cb23 100644
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@@ -1,5 +1,5 @@
-policy_module(dbus, 1.11.0)
+policy_module(dbus, 1.11.1)
 gen_require(`
 class dbus all_dbus_perms;
From 048427703847ab140999a3392329c90f0519e3da Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 18 Aug 2009 13:37:46 -0400
Subject: [PATCH 5/5] reorganize dbus.fc.
---
 policy/modules/services/dbus.fc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/services/dbus.fc b/policy/modules/services/dbus.fc
index 31b7e0659..81eba149f 100644
--- a/policy/modules/services/dbus.fc
+++ b/policy/modules/services/dbus.fc
@@ -1,11 +1,11 @@
 /etc/dbus-1(/.*)? gen_context(system_u:object_r:dbusd_etc_t,s0)
-# Sorting does not work correctly if I combine these next two roles
-/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 /bin/dbus-daemon -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+
+/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
 /var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)