From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1734221959.bd4d8da452e55389b387f9d98153c6534c5eba1d.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/locallogin.te
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: bd4d8da452e55389b387f9d98153c6534c5eba1d
X-VCS-Branch: master
Date: Sun, 15 Dec 2024 00:30:15 +0000 (UTC)

commit: bd4d8da452e55389b387f9d98153c6534c5eba1d
Author: Rahul Sandhu sandhuservices dev>
AuthorDate: Thu Nov 28 01:48:46 2024 +0000
Commit: Jason Zaman gentoo org>
CommitDate: Sun Dec 15 00:19:19 2024 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd4d8da4

locallogin: allow talking to systemd-homed user record APIs

systemd-homed user records rely on being able to talk to the dbus and varlink APIs provided to obtain basic account information such as user id, name, group membership, etc as they do not have /etc/passwd, /etc/group or /etc/shadow fields. For tty login to work for homed user accounts, local_login_t needs to be able to lookup this information, so let's grant it the ability to.

Signed-off-by: Rahul Sandhu sandhuservices.dev>
Signed-off-by: Jason Zaman gentoo.org>

 policy/modules/system/locallogin.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te index e17b16c4e..995c80be2 100644
--- a/policy/modules/system/locallogin.te +++ b/policy/modules/system/locallogin.te @@ -154,6 +154,8 @@ ifdef(`init_systemd',` systemd_dbus_chat_logind(local_login_t) systemd_use_logind_fds(local_login_t) systemd_manage_logind_runtime_pipes(local_login_t) + systemd_dbus_chat_homed(local_login_t) + systemd_stream_connect_homed(local_login_t) ') ifdef(`distro_debian',`
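Review bot: the two added calls, systemd_dbus_chat_homed(local_login_t) and systemd_stream_connect_homed(local_login_t), sit directly in the ifdef(`init_systemd',` block, so every systemd build gives the login domain access to homed's D-Bus and socket APIs, including hosts that never run systemd-homed. Consider putting them behind a conditional so local_login_t only gains this access where homed accounts are actually in use, and add a one-line comment above them stating that they exist for homed user record lookups, since the neighbouring logind lines give no hint of the reason. The patch changes only locallogin.te, so it is also worth confirming that both interfaces are already defined in the systemd module this tree builds against.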