[systemd-devel] selinux policy updates for logind
Daniel J Walsh
dwalsh at redhat.com
Wed Dec 28 05:56:34 PST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/23/2011 09:16 PM, Matthias Clasen wrote:
> I've spent some time playing with the ConsoleKit-replacement
> functionality in logind, and noticed that I couldn't test the
> PolicyKit integration for the poweroff/reboot methods in logind,
> since selinux doesn't let my method calls reach their destination.
>
> Matthias
What AVCs are you seeing?
>
>
> diff -up systemd-37/src/org.freedesktop.login1.conf.selinux
> systemd-37/src/org.freedesktop.login1.conf ---
> systemd-37/src/org.freedesktop.login1.conf.selinux▸‧2011-12-23
> 21:09:32.795513513 -0500 +++
> systemd-37/src/org.freedesktop.login1.conf▸‧2011-12-23
> 21:10:36.456511229 -0500 @@ -69,6 +69,14 @@
> send_member="ActivateSession"/>
>
> <allow send_destination="org.freedesktop.login1" +
> send_interface="org.freedesktop.login1.Manager" +
> send_member="PowerOff"/> + + <allow
> send_destination="org.freedesktop.login1" +
> send_interface="org.freedesktop.login1.Manager" +
> send_member="Reboot"/> + + <allow
> send_destination="org.freedesktop.login1"
> send_interface="org.freedesktop.login1.Seat"
> send_member="ActivateSession"/>
> _______________________________________________ systemd-devel
> mailing list systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk77IBIACgkQrlYvE4MpobNhBQCdFZ0lgAOJQz0M/ApwmqWb0RSA
Dj8An3y/Dja/rT1PmlqDcl8awiCUMuoA
=C5hs
-----END PGP SIGNATURE-----
More information about the systemd-devel
mailing list