Re: [systemd-devel] selinux policy updates for logind

2012-01-03 Thread Bill Nottingham
Matthias Clasen (matthias.cla...@gmail.com) said: 
> On Wed, Dec 28, 2011 at 9:25 AM, Daniel J Walsh dwa...@redhat.com wrote:
>
> > Well are you seeing an AVC about local_login_t sending a dbus message
> > to systemd?
>
> I don't know, I haven't checked.
> But the patch fixes the problem, and is pretty obvious...

Is this just another case of
https://bugzilla.redhat.com/show_bug.cgi?id=759202 ?

Bill
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] selinux policy updates for logind

2012-01-03 Thread Daniel J Walsh
On 01/03/2012 11:02 AM, Bill Nottingham wrote:
> Matthias Clasen (matthias.cla...@gmail.com) said:
> > On Wed, Dec 28, 2011 at 9:25 AM, Daniel J Walsh
> > dwa...@redhat.com wrote:
> >
> > > Well are you seeing an AVC about local_login_t sending a dbus
> > > message to systemd?
> >
> > I don't know, I haven't checked. But the patch fixes the problem,
> > and is pretty obvious...
>
> Is this just another case of
> https://bugzilla.redhat.com/show_bug.cgi?id=759202 ?
>
> Bill

Could be, Matthias, are you still seeing this with the latest
selinux-policy?


Re: [systemd-devel] selinux policy updates for logind

2011-12-28 Thread Daniel J Walsh
On 12/23/2011 09:16 PM, Matthias Clasen wrote:
> I've spent some time playing with the ConsoleKit-replacement
> functionality in logind, and noticed that I couldn't test the
> PolicyKit integration for the poweroff/reboot methods in logind,
> since selinux doesn't let my method calls reach their destination.
>
> Matthias
What AVCs are you seeing?
 
 
 diff -up systemd-37/src/org.freedesktop.login1.conf.selinux 
 systemd-37/src/org.freedesktop.login1.conf ---
 systemd-37/src/org.freedesktop.login1.conf.selinux▸‧2011-12-23 
 21:09:32.795513513 -0500 +++
 systemd-37/src/org.freedesktop.login1.conf▸‧2011-12-23 
 21:10:36.456511229 -0500 @@ -69,6 +69,14 @@ 
 send_member=ActivateSession/
 
 allow send_destination=org.freedesktop.login1 +
 send_interface=org.freedesktop.login1.Manager +
 send_member=PowerOff/ + +allow
 send_destination=org.freedesktop.login1 +
 send_interface=org.freedesktop.login1.Manager +
 send_member=Reboot/ + +allow
 send_destination=org.freedesktop.login1 
 send_interface=org.freedesktop.login1.Seat 
 send_member=ActivateSession/ 
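
Review bot: the + lines that add PowerOff and Reboot are D-Bus bus policy rules (send_destination, send_interface and send_member in org.freedesktop.login1.conf), not SELinux policy, so the subject line and the .selinux suffix on the original file misdescribe the change. A denial lifted by these rules is one made by the bus policy file itself; suggest retitling the patch as a bus policy update for logind and stating that in the commit message.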


Re: [systemd-devel] selinux policy updates for logind

2011-12-28 Thread Matthias Clasen
> > Matthias
> What AVCs are you seeing?

I'm getting 'access denied' when trying to call e.g.
org.freedesktop.login1.Manager.Reboot from a user process.
Which seems disingenuous, considering that logind has PolicyKit
support to control access to these methods.


Re: [systemd-devel] selinux policy updates for logind

2011-12-28 Thread Matthias Clasen
On Wed, Dec 28, 2011 at 9:25 AM, Daniel J Walsh dwa...@redhat.com wrote:

> Well are you seeing an AVC about local_login_t sending a dbus message
> to systemd?

I don't know, I haven't checked.
But the patch fixes the problem, and is pretty obvious...


[systemd-devel] selinux policy updates for logind

2011-12-23 Thread Matthias Clasen
I've spent some time playing with the ConsoleKit-replacement
functionality in logind, and noticed that I couldn't test the
PolicyKit integration for the poweroff/reboot methods in logind,
since selinux doesn't let my method calls reach their destination.

Matthias


diff -up systemd-37/src/org.freedesktop.login1.conf.selinux
systemd-37/src/org.freedesktop.login1.conf
--- systemd-37/src/org.freedesktop.login1.conf.selinux▸‧2011-12-23
21:09:32.795513513 -0500
+++ systemd-37/src/org.freedesktop.login1.conf▸‧2011-12-23
21:10:36.456511229 -0500
@@ -69,6 +69,14 @@
send_member=ActivateSession/

 allow send_destination=org.freedesktop.login1
+   send_interface=org.freedesktop.login1.Manager
+   send_member=PowerOff/
+
+allow send_destination=org.freedesktop.login1
+   send_interface=org.freedesktop.login1.Manager
+   send_member=Reboot/
+
+allow send_destination=org.freedesktop.login1
send_interface=org.freedesktop.login1.Seat
send_member=ActivateSession/
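
Review bot: the two new allow rules that follow the context line "allow send_destination=org.freedesktop.login1" open PowerOff and Reboot on org.freedesktop.login1.Manager to whatever policy context encloses line 69, and that enclosing element is outside the lines the hunk shows. Confirm it is the intended context, and add a comment beside the rules saying that the bus only passes the call through and that authorization is left to logind's PolicyKit check, so a later reader does not take the allow as unconditional permission.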