rpms / selinux-policy

Clone
Source Code
GIT

Blame strict/domains/program/dbusd.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   a1fcff33f2daf2c4e978ed7bbb25e6412908c235
  2.   strict
  3.   domains
  4.   program
  5.   dbusd.te
Blob History Raw
Chris PeBenito 0fbfa5 
#DESC dbus-daemon-1 server for dbus desktop bus protocol
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5 
# Author:  Russell Coker <russell@coker.com.au>
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
dbusd_domain(system)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow system_dbusd_t system_dbusd_var_run_t:sock_file create_file_perms;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
ifdef(`pamconsole.te', `
Chris PeBenito 0fbfa5 
r_dir_file(system_dbusd_t, pam_var_console_t)
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
# dac_override: /var/run/dbus is owned by messagebus on Debian
Chris PeBenito 0fbfa5 
allow system_dbusd_t self:capability { dac_override setgid setuid };
Chris PeBenito 0fbfa5 
can_ypbind(system_dbusd_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
# I expect we need more than this
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow initrc_t system_dbusd_t:dbus { send_msg acquire_svc };
Chris PeBenito a1fcff 
allow initrc_t system_dbusd_t:unix_stream_socket connectto;
Chris PeBenito a1fcff 
allow initrc_t system_dbusd_var_run_t:sock_file write;
Chris PeBenito 0fbfa5
Chris PeBenito a1fcff 
can_exec(system_dbusd_t, sbin_t)
Chris PeBenito a1fcff 
allow system_dbusd_t self:fifo_file { read write };
Chris PeBenito a1fcff 
allow system_dbusd_t self:unix_stream_socket connectto;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation