diff options
| author | Maciej Borzecki <maciej.zenon.borzecki@canonical.com> | 2017-12-18 08:09:38 +0100 |
|---|---|---|
| committer | Maciej Borzecki <maciej.zenon.borzecki@canonical.com> | 2017-12-18 08:29:46 +0100 |
| commit | 0cdff0e7743063f603ca350ec5cc169e2f3a4df0 (patch) | |
| tree | 99b0eb589ecacaf5b252b10917a4251d11f02dce /data/selinux | |
| parent | 4002cc61244a0477edae97deb16a07be8a1a1e06 (diff) | |
data/selinux: add policykit_dbus_chat()
Add an optional policy to allow policykit_dbus_chat(). Enables sending to and receiving messages from policykit. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Diffstat (limited to 'data/selinux')
| -rw-r--r-- | data/selinux/snappy.te | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/data/selinux/snappy.te b/data/selinux/snappy.te index 3370fb3943..cd2f0fccce 100644 --- a/data/selinux/snappy.te +++ b/data/selinux/snappy.te @@ -216,6 +216,7 @@ corenet_udp_sendrecv_dns_port(snappy_t) corenet_tcp_connect_dns_port(snappy_t) corenet_sendrecv_dns_client_packets(snappy_t) -# allow polkit to reply to snapd -gen_require(` type policykit_t; class dbus send_msg; ') -allow policykit_t snappy_t:dbus send_msg; +# allow communication with polkit over dbus +optional_policy(` + policykit_dbus_chat(snappy_t) +') |