init.te: Allow access to search initrc_state_t. #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
avc: denied { watch } for pid=12351 comm="gmain" path="/usr/share/backgrounds/xfce" dev="zfs" ino=366749 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
avc: denied { watch } for pid=11646 comm="gmain" path="/etc/fonts" dev="zfs" ino=237700 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fonts_t:s0 tclass=dir permissive=0
avc: denied { watch } for pid=12351 comm="gmain" path="/home/jason/Desktop" dev="zfs" ino=33153 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:user_home_t:s0 tclass=dir permissive=0
avc: denied { watch } for pid=12574 comm="gmain" path="/home/jason/.local/share/icc" dev="zfs" ino=1954514 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:xdg_data_t:s0 tclass=dir permissive=0
avc: denied { watch } for pid=11795 comm="gmain" path="/home/jason/.config/xfce4/panel/launcher-19" dev="zfs" ino=35464 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:xdg_config_t:s0 tclass=dir permissive=0
avc: denied { watch } for pid=12351 comm="gmain" path="/home/jason/downloads/pics" dev="zfs" ino=38173 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:xdg_downloads_t:s0 tclass=dir permissive=0
Signed-off-by: Jason Zaman <[email protected]>
Closes: perfinion#1 Signed-off-by: Jason Zaman <[email protected]>
Signed-off-by: Jonathan Davies <[email protected]> Signed-off-by: Jason Zaman <[email protected]>
Signed-off-by: Jonathan Davies <[email protected]> Signed-off-by: Jason Zaman <[email protected]>
avc: denied { watch } for pid=2485 comm="agetty" path="/run/agetty.reload" dev="tmpfs" ino=22050 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:getty_runtime_t:s0 tclass=file permissive=0
Signed-off-by: Jason Zaman <[email protected]>
Almost all calls to dbus_ interfaces were already optional, this makes the remaining one optional_policy so that the modules can be installed / upgraded easier. Signed-off-by: Jason Zaman <[email protected]>
Commit "init: replace call to init_domtrans_script" (be23189 in upstream repo) removed the call to init_domtrans_script which removed the openrc domtrans. This adds it back directly in the distro_gentoo block. Signed-off-by: Jason Zaman <[email protected]>
Signed-off-by: Jonathan Davies <[email protected]>
perfinion
force-pushed
the
next
branch
3 times, most recently
from
ebddee2
to
a2d5d05
Compare
perfinion
force-pushed
the
next
branch
3 times, most recently
from
bb14657
to
2cf786c
Compare
perfinion
force-pushed
the
next
branch
2 times, most recently
from
d34168a
to
4d9da0f
Compare
|
This PR has not had any recent activity. It will be closed in 7 days if it makes no further progress. |
|
Closing stale PR. |
perfinion
requested changes
Nov 12, 2021
| @@ -755,6 +756,7 @@ fs_unmount_all_fs(initrc_t) | |||
| fs_remount_all_fs(initrc_t) | |||
| fs_getattr_all_fs(initrc_t) | |||
| fs_search_all(initrc_t) | |||
| fs_search_all(initrc_state_t) | |||
There was a problem hiding this comment.
fs_search_all(initrc_state_t) doesnt make sense. initrc_state_t is a file type, domains do the searching, files don't.
This looks like parts were merged already? Is this just a stray line that I dropped when I merged the rest? It looks like there are a bunch of other commits in this PR so I'm guessing it picked up more when I merged stuff?
This looks like the only outstanding line? Can you re-check and fix this PR so its just the needed stuff or maybe close if we've already merged the important bits?
perfinion
force-pushed
the
next
branch
3 times, most recently
from
898d969
to
fbd1b99
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.