[refpolicy] [PATCH 1/2] pcscd.if: Permit access to pid files inside /var/run/pcscd/.

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] [PATCH 1/2] pcscd.if: Permit access to pid files inside /var/run/pcscd/.
@ 2014-02-14 19:35 Luis Ressel
  2014-02-14 19:35 ` [refpolicy] [PATCH 2/2] Allow gpg-agent's scdaemon to connect to pcscd Luis Ressel
  2014-02-15 20:37 ` [refpolicy] [PATCH 1/2] pcscd.if: Permit access to pid files inside /var/run/pcscd/ Christopher J. PeBenito
  0 siblings, 2 replies; 4+ messages in thread
From: Luis Ressel @ 2014-02-14 19:35 UTC (permalink / raw)
  To: refpolicy

Gentoo places pcscd's pid file in /var/run/pcscd/ instead of /var/run/,
but pcscd_read_pid_files() doesn't grant enough permissions for this.
---
 pcscd.if | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pcscd.if b/pcscd.if
index 43d50f9..7f77d32 100644
--- a/pcscd.if
+++ b/pcscd.if
@@ -50,7 +50,7 @@ interface(`pcscd_read_pid_files',`
 	')
 
 	files_search_pids($1)
-	allow $1 pcscd_var_run_t:file read_file_perms;
+	read_files_pattern($1, pcscd_var_run_t, pcscd_var_run_t)
 ')
 
 ########################################
-- 
1.8.5.4

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [refpolicy] [PATCH 2/2] Allow gpg-agent's scdaemon to connect to pcscd.
  2014-02-14 19:35 [refpolicy] [PATCH 1/2] pcscd.if: Permit access to pid files inside /var/run/pcscd/ Luis Ressel
@ 2014-02-14 19:35 ` Luis Ressel
  2014-02-15 20:36   ` Christopher J. PeBenito
  2014-02-15 20:37 ` [refpolicy] [PATCH 1/2] pcscd.if: Permit access to pid files inside /var/run/pcscd/ Christopher J. PeBenito
  1 sibling, 1 reply; 4+ messages in thread
From: Luis Ressel @ 2014-02-14 19:35 UTC (permalink / raw)
  To: refpolicy

---
 gpg.te | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/gpg.te b/gpg.te
index 4cfa305..06a4679 100644
--- a/gpg.te
+++ b/gpg.te
@@ -1,4 +1,4 @@
-policy_module(gpg, 2.8.2)
+policy_module(gpg, 2.8.3)
 
 ########################################
 #
@@ -273,6 +273,10 @@ optional_policy(`
 	mozilla_dontaudit_rw_user_home_files(gpg_agent_t)
 ')
 
+optional_policy(`
+	pcscd_stream_connect(gpg_agent_t)
+')
+
 ##############################
 #
 # Pinentry local policy
-- 
1.8.5.4

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [refpolicy] [PATCH 2/2] Allow gpg-agent's scdaemon to connect to pcscd.
  2014-02-14 19:35 ` [refpolicy] [PATCH 2/2] Allow gpg-agent's scdaemon to connect to pcscd Luis Ressel
@ 2014-02-15 20:36   ` Christopher J. PeBenito
  0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2014-02-15 20:36 UTC (permalink / raw)
  To: refpolicy

On 2/14/2014 2:35 PM, Luis Ressel wrote:
> ---
>  gpg.te | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/gpg.te b/gpg.te
> index 4cfa305..06a4679 100644
> --- a/gpg.te
> +++ b/gpg.te
> @@ -1,4 +1,4 @@
> -policy_module(gpg, 2.8.2)
> +policy_module(gpg, 2.8.3)
>  
>  ########################################
>  #
> @@ -273,6 +273,10 @@ optional_policy(`
>  	mozilla_dontaudit_rw_user_home_files(gpg_agent_t)
>  ')
>  
> +optional_policy(`
> +	pcscd_stream_connect(gpg_agent_t)
> +')
> +
>  ##############################
>  #
>  # Pinentry local policy

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] [PATCH 1/2] pcscd.if: Permit access to pid files inside /var/run/pcscd/.
  2014-02-14 19:35 [refpolicy] [PATCH 1/2] pcscd.if: Permit access to pid files inside /var/run/pcscd/ Luis Ressel
  2014-02-14 19:35 ` [refpolicy] [PATCH 2/2] Allow gpg-agent's scdaemon to connect to pcscd Luis Ressel
@ 2014-02-15 20:37 ` Christopher J. PeBenito
  1 sibling, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2014-02-15 20:37 UTC (permalink / raw)
  To: refpolicy

On 2/14/2014 2:35 PM, Luis Ressel wrote:
> Gentoo places pcscd's pid file in /var/run/pcscd/ instead of /var/run/,
> but pcscd_read_pid_files() doesn't grant enough permissions for this.
> ---
>  pcscd.if | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/pcscd.if b/pcscd.if
> index 43d50f9..7f77d32 100644
> --- a/pcscd.if
> +++ b/pcscd.if
> @@ -50,7 +50,7 @@ interface(`pcscd_read_pid_files',`
>  	')
>  
>  	files_search_pids($1)
> -	allow $1 pcscd_var_run_t:file read_file_perms;
> +	read_files_pattern($1, pcscd_var_run_t, pcscd_var_run_t)
>  ')
>  
>  ########################################
 
Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2014-02-15 20:37 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-02-14 19:35 [refpolicy] [PATCH 1/2] pcscd.if: Permit access to pid files inside /var/run/pcscd/ Luis Ressel
2014-02-14 19:35 ` [refpolicy] [PATCH 2/2] Allow gpg-agent's scdaemon to connect to pcscd Luis Ressel
2014-02-15 20:36   ` Christopher J. PeBenito
2014-02-15 20:37 ` [refpolicy] [PATCH 1/2] pcscd.if: Permit access to pid files inside /var/run/pcscd/ Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.