Merge pull request #209 from dsommers/dbus-can-tuntap-2
This commit is contained in:
Chris PeBenito
commit
f5646b7e75
@ -9,6 +9,15 @@ gen_require(`
|
|||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
|
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Allow dbus-daemon system bus to access /dev/net/tun
|
||||||
|
## which is needed to pass tun/tap device file descriptors
|
||||||
|
## over D-Bus. This is needed by openvpn3-linux.
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
gen_tunable(dbus_can_pass_tuntap_fd, false)
|
||||||
|
|
||||||
attribute dbusd_unconfined;
|
attribute dbusd_unconfined;
|
||||||
attribute session_bus_type;
|
attribute session_bus_type;
|
||||||
|
|
||||||
@ -165,6 +174,10 @@ ifdef(`init_systemd', `
|
|||||||
init_write_runtime_socket(system_dbusd_t)
|
init_write_runtime_socket(system_dbusd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
tunable_policy(`dbus_can_pass_tuntap_fd',`
|
||||||
|
corenet_rw_tun_tap_dev(system_dbusd_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
# for /run/systemd/users/*
|
# for /run/systemd/users/*
|
||||||
systemd_read_logind_pids(system_dbusd_t)
|
systemd_read_logind_pids(system_dbusd_t)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user