Created attachment 898974 [details] [PATCH] contrib: Add KMSCon policy module Please review & eventually apply attached change. Thank you!
Created attachment 898975 [details] [PATCH] contrib: Add KMSCon policy module Updated patch for autospawned kmscon instances. The following probably belongs to systemd.te instead: optional_policy(` kmscon_systemctl(systemd_logind_t) ')
Lukas, could you review this policy?
Ping? /me *puppy face*
Hi Lubomir, At first thank you for your policy, but could you check structure of our policies in git repo and reorganized your policy? It would be great! Secondly, it's necessary to label conf (/etc/kmscon) files? if you need any help feel free to contact me.
(In reply to Lukas Vrabec from comment #4) > Hi Lubomir, > > At first thank you for your policy, but could you check structure of our > policies in git repo and reorganized your policy? I'm not really sure what do you mean here. Comparing my policy to the existing ones I seem to be missing the section marker comments; I can fix up that one. Anything else that needs to be done? > It would be great! > Secondly, it's necessary to label conf (/etc/kmscon) files? Well, there wouldn't be any real reason to let it be labelled etc_t, unless some other interface used already allows access to etc_t. I'll check that. Is that what you meant? > > if you need any help feel free to contact me. Well, it seems that I do need some :)
If there is kmscon_admin() interface we should label it. Lubomir, Lukas meant just follow http://oss.tresys.com/projects/refpolicy/wiki/StyleGuide
Exactly, I want find it for you, but Miroslav overtake me.
commit da14431fc22cd35ee14762d9cdac15955eeaf1a2 Author: Lukas Vrabec <lvrabec> Date: Thu Jun 12 17:11:29 2014 +0200 re-arrange kmscon policy commit dcce1e7a3f90f1c1edba39c6598288c3cf916f06 Author: Lubomir Rintel <lkundrak> Date: Sat May 24 21:06:04 2014 +0200 contrib: Add KMSCon policy module Thank you for patch! It will be included in next rawhide selinux-policy package.
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
selinux-policy-3.13.1-116.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-116.fc22
Package selinux-policy-3.13.1-116.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-116.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-3508/selinux-policy-3.13.1-116.fc22 then log in and leave karma (feedback).
selinux-policy-3.13.1-116.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.