https://bugzilla.redhat.com/show_bug.cgi?id=1550595



--- Comment #16 from Javier Martinez Canillas <fmart...@redhat.com> ---
(In reply to dac.override from comment #15)
> it should be clarified because it is questionable.
> 
> If a "system_dbusd_domain" would need this permission then the permission
> would have been enclosed with "system_dbusd_domain()"
> 
> Looking at 
> https://github.com/tpm2-software/tpm2-abrmd/commit/51a3c55d772b
> it seems that this file descriptor gets passed to dbusd
> 
> So at least now that part is explained.
> 
> ideally the dbusd.if header would have exported an
> "dbus_rw_inherited_system_unix_stream_sockets()" interface for you to call,
> but there is not so just change line:
> 
> https://github.com/tpm2-software/tpm2-abrmd/blob/1.x/selinux/tabrmd.te#L20
> 
> to look like:
> 
> allow system_dbusd_t tabrmd_t:unix_stream_socket { read write};
> 
> Optionally add a comment: # TODO: add to dbus.if:
> dbus_rw_inherited_system_unix_stream_sockets() and call that instead

I will, thanks again!

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

Reply via email to