funkemunky/packages
1
0
Fork 0
mirror of https://github.com/terrapkg/packages.git synced 2026-05-31 09:01:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Add some missing selinux rules for steamos-manager-powerstation (#12477) (#12481)

Browse Source
This commit is contained in:
Raboneko
2026-05-22 10:07:03 -05:00
committed by GitHub
parent 7983c65d9e
commit 7af190504b
2 changed files with 37 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
anda/games/steamos-manager-powerstation/steamos-manager-powerstation.spec
+1 -1
View File
@@ -4,7 +4,7 @@
Name: steamos-manager-powerstation
Version: 0~%{commitdate}.git%{shortcommit}
Release: 3%{?dist}
Release: 4%{?dist}
Summary: SteamOS Manager is a system daemon that aims to abstract Steam's interactions with the operating system
License: MIT AND (MIT OR Apache-2.0) AND Unicode-3.0 AND (Apache-2.0 OR BSL-1.0) AND Apache-2.0 OR MIT AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND (BSD-3-Clause OR MIT OR Apache-2.0) AND ISC AND (LGPL-2.1 OR MIT OR Apache-2.0) AND MIT AND (MIT OR Apache-2.0) AND (MIT OR Apache-2.0 OR LGPL-2.1-or-later) AND (Unlicense OR MIT) AND (Zlib OR Apache-2.0 OR MIT)
URL: https://github.com/OpenGamingCollective/steamos-manager
anda/games/steamos-manager-powerstation/steamos_manager.te
+36
View File
@@ -19,6 +19,9 @@ files_config_file(steamos_manager_conf_t)
# Allow systemd to manage the service (start/stop/status)
init_dbus_chat(steamos_manager_t)
# Query systemd and overall system status (init_t:system status)
init_status(steamos_manager_t)
########################################
# Process permissions
########################################
@@ -77,6 +80,18 @@ domain_read_all_domains_state(steamos_manager_t)
kernel_read_debugfs(steamos_manager_t)
kernel_manage_debugfs(steamos_manager_t)
gen_require(`
type tracefs_t;
')
allow steamos_manager_t tracefs_t:dir search;
########################################
# Cgroup access
########################################
# Search the cgroup hierarchy under /sys/fs/cgroup
fs_search_cgroup_dirs(steamos_manager_t)
########################################
# Device access
########################################
@@ -185,6 +200,27 @@ corenet_tcp_connect_all_ports(steamos_manager_t)
logging_send_syslog_msg(steamos_manager_t)
########################################
# bootupd (bootloader management)
########################################
# steamos-manager invokes bootupctl, which runs in its own bootupd_t domain.
optional_policy(`
gen_require(`
type bootupd_t;
type mount_var_run_t;
')
# NSS user/group lookups: /etc/passwd, systemd-userdbd, systemd-homed
auth_use_nsswitch(bootupd_t)
# Read /proc system state
kernel_read_system_state(bootupd_t)
# Search the mount runtime directory under /run
allow bootupd_t mount_var_run_t:dir search;
')
########################################
# Miscellaneous
########################################