Re: SE Linux policy update
On Sat, 19 Mar 2011, Russell Coker <russell@coker.com.au> wrote:
> Below is the definition of gnome_role, when it is called the first
> parameter $1 equals the second parameter $2 from the above optional_policy
> and $2 is the $1_dbusd_t. So it substitutes to
> domain_auto_trans($1_dbusd_t, gconfd_exec_t, gconfd_t). That matches the
> description in the changelog.
>
> interface(`gnome_role',`
> gen_require(`
> type gconfd_t, gconfd_exec_t;
> type gconf_tmp_t;
> ')
>
> role $1 types gconfd_t;
>
> domain_auto_trans($1_dbusd_t, gconfd_exec_t, gconfd_t)
> allow gconfd_t $2:fd use;
> allow gconfd_t $2:fifo_file write;
> allow gconfd_t $2:unix_stream_socket connectto;
>
> ps_process_pattern($2, gconfd_t)
>
> #gnome_stream_connect_gconf_template($1, $2)
> read_files_pattern($2, gconf_tmp_t, gconf_tmp_t)
> allow $2 gconfd_t:unix_stream_socket connectto;
> ')
Sorry, in my previous message I somehow managed to paste the version number
over the top of the domain_auto_trans in the above.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
Reply to: