https://bugzilla.redhat.com/show_bug.cgi?id=1550595



--- Comment #15 from dac.overr...@gmail.com ---
it should be clarified because it is questionable.

If a "system_dbusd_domain" would need this permission then the permission would
have been enclosed with "system_dbusd_domain()"

Looking at 
https://github.com/tpm2-software/tpm2-abrmd/commit/51a3c55d772b
it seems that this file descriptor gets passed to dbusd

So at least now that part is explained.

ideally the dbusd.if header would have exported an
"dbus_rw_inherited_system_unix_stream_sockets()" interface for you to call, but
there is not so just change line:

https://github.com/tpm2-software/tpm2-abrmd/blob/1.x/selinux/tabrmd.te#L20

to look like:

allow system_dbusd_t tabrmd_t:unix_stream_socket { read write};

Optionally add a comment: # TODO: add to dbus.if:
dbus_rw_inherited_system_unix_stream_sockets() and call that instead

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

Reply via email to