From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 16AE71381F3 for ; Mon, 30 Sep 2013 19:03:47 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3F607E0B84; Mon, 30 Sep 2013 19:03:43 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 48FA5E0B1F for ; Mon, 30 Sep 2013 19:03:42 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 5CA1F33E66D for ; Mon, 30 Sep 2013 19:03:41 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 60088E546A for ; Mon, 30 Sep 2013 19:03:39 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1380567727.f70791c2ada8040fc3788a8da002435193ce015a.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/alsa.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: f70791c2ada8040fc3788a8da002435193ce015a X-VCS-Branch: master Date: Mon, 30 Sep 2013 19:03:39 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 9e57824c-b27a-4b03-bbe9-20e3e093b0bd X-Archives-Hash: 2bf8c50240de9f99395645721c6aece8 commit: f70791c2ada8040fc3788a8da002435193ce015a Author: Dominick Grift gmail com> AuthorDate: Thu Sep 26 07:02:23 2013 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Mon Sep 30 19:02:07 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f70791c2 alsa: alsactl wants to associate pulse-shm-.* to device_t type filesystems. This happens early on but i do not understand how that (/dev) relates to /dev/shm in this regard alsa: alsactl reads /var/lib/dbus/machine-id Signed-off-by: Dominick Grift gmail.com> --- policy/modules/contrib/alsa.te | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/policy/modules/contrib/alsa.te b/policy/modules/contrib/alsa.te index db4a986..595a217 100644 --- a/policy/modules/contrib/alsa.te +++ b/policy/modules/contrib/alsa.te @@ -1,4 +1,4 @@ -policy_module(alsa, 1.12.1) +policy_module(alsa, 1.12.2) ######################################## # @@ -21,6 +21,7 @@ files_tmp_file(alsa_tmp_t) type alsa_tmpfs_t; files_tmpfs_file(alsa_tmpfs_t) pulseaudio_tmpfs_content(alsa_tmpfs_t) +dev_associate(alsa_tmpfs_t) type alsa_var_lib_t; files_type(alsa_var_lib_t) @@ -90,6 +91,10 @@ userdom_manage_unpriv_user_shared_mem(alsa_t) userdom_search_user_home_dirs(alsa_t) optional_policy(` + dbus_read_lib_files(alsa_t) +') + +optional_policy(` hal_use_fds(alsa_t) hal_write_log(alsa_t) ')