mirror of
https://github.com/terrapkg/packages.git
synced 2026-05-31 09:01:55 +00:00
fix: Add some missing selinux rules for steamos-manager-powerstation (#12477)
This commit is contained in:
Kyle Gospodnetich
committed by
GitHub
GitHub
parent
110965b0bb
commit
c6df6ddc73
@@ -4,7 +4,7 @@
|
||||
|
||||
Name: steamos-manager-powerstation
|
||||
Version: 0~%{commitdate}.git%{shortcommit}
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: SteamOS Manager is a system daemon that aims to abstract Steam's interactions with the operating system
|
||||
License: MIT AND (MIT OR Apache-2.0) AND Unicode-3.0 AND (Apache-2.0 OR BSL-1.0) AND Apache-2.0 OR MIT AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND (BSD-3-Clause OR MIT OR Apache-2.0) AND ISC AND (LGPL-2.1 OR MIT OR Apache-2.0) AND MIT AND (MIT OR Apache-2.0) AND (MIT OR Apache-2.0 OR LGPL-2.1-or-later) AND (Unlicense OR MIT) AND (Zlib OR Apache-2.0 OR MIT)
|
||||
URL: https://github.com/OpenGamingCollective/steamos-manager
|
||||
|
||||
@@ -19,6 +19,9 @@ files_config_file(steamos_manager_conf_t)
|
||||
# Allow systemd to manage the service (start/stop/status)
|
||||
init_dbus_chat(steamos_manager_t)
|
||||
|
||||
# Query systemd and overall system status (init_t:system status)
|
||||
init_status(steamos_manager_t)
|
||||
|
||||
########################################
|
||||
# Process permissions
|
||||
########################################
|
||||
@@ -77,6 +80,18 @@ domain_read_all_domains_state(steamos_manager_t)
|
||||
kernel_read_debugfs(steamos_manager_t)
|
||||
kernel_manage_debugfs(steamos_manager_t)
|
||||
|
||||
gen_require(`
|
||||
type tracefs_t;
|
||||
')
|
||||
allow steamos_manager_t tracefs_t:dir search;
|
||||
|
||||
########################################
|
||||
# Cgroup access
|
||||
########################################
|
||||
|
||||
# Search the cgroup hierarchy under /sys/fs/cgroup
|
||||
fs_search_cgroup_dirs(steamos_manager_t)
|
||||
|
||||
########################################
|
||||
# Device access
|
||||
########################################
|
||||
@@ -185,6 +200,27 @@ corenet_tcp_connect_all_ports(steamos_manager_t)
|
||||
|
||||
logging_send_syslog_msg(steamos_manager_t)
|
||||
|
||||
########################################
|
||||
# bootupd (bootloader management)
|
||||
########################################
|
||||
|
||||
# steamos-manager invokes bootupctl, which runs in its own bootupd_t domain.
|
||||
optional_policy(`
|
||||
gen_require(`
|
||||
type bootupd_t;
|
||||
type mount_var_run_t;
|
||||
')
|
||||
|
||||
# NSS user/group lookups: /etc/passwd, systemd-userdbd, systemd-homed
|
||||
auth_use_nsswitch(bootupd_t)
|
||||
|
||||
# Read /proc system state
|
||||
kernel_read_system_state(bootupd_t)
|
||||
|
||||
# Search the mount runtime directory under /run
|
||||
allow bootupd_t mount_var_run_t:dir search;
|
||||
')
|
||||
|
||||
########################################
|
||||
# Miscellaneous
|
||||
########################################
|
||||
|
||||
Reference in New Issue
Block a user