Skip to content

Commit

Permalink
dbus: Add noatsecure otherwise the socket variable is lost
Browse files Browse the repository at this point in the history
  • Loading branch information
@perfinion
perfinion committed Sep 22, 2024
1 parent fc7c6ff commit ac275c4
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions policy/modules/services/dbus.if
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,9 +105,9 @@ template(`dbus_role_template',`
domtrans_pattern($3, dbusd_exec_t, $1_dbusd_t)

ps_process_pattern($3, $1_dbusd_t)
allow $3 $1_dbusd_t:process { ptrace signal_perms };
allow $3 $1_dbusd_t:process { ptrace signal_perms noatsecure };

allow $1_dbusd_t $3:process sigkill;
allow $1_dbusd_t $3:process { sigkill noatsecure };
allow $1_dbusd_t session_dbusd_tmp_t:sock_file manage_sock_file_perms;
allow $1_dbusd_t self:unix_stream_socket connectto;

Expand Down Expand Up @@ -475,6 +475,7 @@ interface(`dbus_all_session_domain',`
')

domtrans_pattern(session_bus_type, $2, $1)
allow session_bus_type $1:process noatsecure;

dbus_all_session_bus_client($1)
dbus_connect_all_session_bus($1)
Expand Down Expand Up @@ -509,6 +510,7 @@ template(`dbus_spec_session_domain',`
')

domtrans_pattern($1_dbusd_t, $3, $2)
allow $1_dbusd_t $2:process noatsecure;

dbus_spec_session_bus_client($1, $2)
dbus_connect_spec_session_bus($1, $2)
Expand Down Expand Up @@ -606,6 +608,7 @@ interface(`dbus_system_domain',`
dbus_connect_system_bus($1)

ps_process_pattern(system_dbusd_t, $1)
allow system_dbusd_t $1:process noatsecure;

userdom_read_all_users_state($1)

Expand Down

0 comments on commit ac275c4

Please sign in to comment.