Merge branch 'locallogin_module' of git://github.com/cgzones/refpolicy

This commit is contained in:
Chris PeBenito 2017-02-26 12:09:11 -05:00
commit f727615595
1 changed files with 4 additions and 4 deletions

View File

@ -33,8 +33,7 @@ role system_r types sulogin_t;
#
allow local_login_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
allow local_login_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow local_login_t self:process { setrlimit setexec };
allow local_login_t self:process { setexec setrlimit setsched };
allow local_login_t self:fd use;
allow local_login_t self:fifo_file rw_fifo_file_perms;
allow local_login_t self:sock_file read_sock_file_perms;
@ -171,7 +170,9 @@ optional_policy(`
optional_policy(`
dbus_system_bus_client(local_login_t)
consolekit_dbus_chat(local_login_t)
optional_policy(`
consolekit_dbus_chat(local_login_t)
')
')
optional_policy(`
@ -211,7 +212,6 @@ optional_policy(`
#
allow sulogin_t self:capability dac_override;
allow sulogin_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow sulogin_t self:fd use;
allow sulogin_t self:fifo_file rw_fifo_file_perms;
allow sulogin_t self:unix_dgram_socket create_socket_perms;