commit: 2873694ba1cc11acf324afb6778b947452d060ec Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Sun Jun 4 15:23:48 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Mon Jun 5 17:16:18 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=2873694b
consolekit: introduce consolekit_use_inhibit_lock interface Applications hold FDs while they hold the lock. Implements this API: https://www.freedesktop.org/wiki/Software/systemd/inhibit/ policy/modules/contrib/consolekit.if | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+)
diff --git a/policy/modules/contrib/consolekit.if b/policy/modules/contrib/consolekit.if
index 5b830ec9..e5cc8434 100644
--- a/policy/modules/contrib/consolekit.if
+++ b/policy/modules/contrib/consolekit.if
@@ -42,6 +42,29 @@ interface(`consolekit_dbus_chat',`
 
 ########################################
 ## <summary>
+## Use consolekit inhibit locks.
+##
+## The program gets passed an FD to a fifo_file to hold.
+## When the application is done with the lock, it closes the FD.
+## Implements this API: https://www.freedesktop.org/wiki/Software/systemd/inhibit/
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`consolekit_use_inhibit_lock',`
+ gen_require(`
+ type consolekit_t, consolekit_var_run_t;
+ ')
+
+ allow $1 consolekit_t:fd use;
+ allow $1 consolekit_var_run_t:fifo_file rw_inherited_fifo_file_perms;
+')
+
+########################################
+## <summary>
 ## Read consolekit log files.
 ## </summary>
 ## <param name="domain">
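Review bot: The fifo_file rule in `consolekit_use_inhibit_lock` grants `rw_inherited_fifo_file_perms` on every `consolekit_var_run_t` FIFO, although the interface's own description says the caller only holds the descriptor and closes it to release the lock. If the client is handed a single end of the FIFO and never reads from it, the grant could probably be narrowed to what receiving that descriptor requires, for example `allow $1 consolekit_var_run_t:fifo_file { getattr write };`, which should be confirmed against the AVC denials seen in testing before tightening. The header comment could also state that the interface covers only the passed descriptor and that callers presumably still need `consolekit_dbus_chat` to request the lock in the first place. Refpolicy interface docs usually keep `<summary>` to one line, so the longer explanation and the API link would fit better in a `<desc>` block.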
