commit: 6bc27759a132a8acc69946da46bb4aefce6bbaeb
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun May 7 03:11:50 2017 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun May 7 17:40:29 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6bc27759
consolekit: allow run fifo_files
audit: type=1400 audit(1494126304.815:19): avc: denied { create } for
pid=5335 comm="console-kit-dae" name="inhibit.IWBEZY.pipe"
scontext=system_u:system_r:consolekit_t:s0
tcontext=system_u:object_r:consolekit_var_run_t:s0 tclass=fifo_file permissive=0
policy/modules/contrib/consolekit.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/consolekit.te
b/policy/modules/contrib/consolekit.te
index 06451dff..19d4d1b4 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -40,6 +40,7 @@ logging_log_filetrans(consolekit_t, consolekit_log_t, file)
manage_dirs_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
manage_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
+manage_fifo_files_pattern(consolekit_t, consolekit_var_run_t,
consolekit_var_run_t)
files_pid_filetrans(consolekit_t, consolekit_var_run_t, { dir file })
kernel_read_system_state(consolekit_t)
