|
Dominick Grift |
648967e |
policy_module(rtkit, 1.1.1)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
########################################
|
|
Chris PeBenito |
9401ae1 |
#
|
|
Chris PeBenito |
9401ae1 |
# Declarations
|
|
Chris PeBenito |
9401ae1 |
#
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
type rtkit_daemon_t;
|
|
Chris PeBenito |
9401ae1 |
type rtkit_daemon_exec_t;
|
|
Chris PeBenito |
9401ae1 |
dbus_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
########################################
|
|
Chris PeBenito |
9401ae1 |
#
|
|
Chris PeBenito |
9401ae1 |
# rtkit_daemon local policy
|
|
Chris PeBenito |
9401ae1 |
#
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
|
|
Chris PeBenito |
9401ae1 |
allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
kernel_read_system_state(rtkit_daemon_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
domain_getsched_all_domains(rtkit_daemon_t)
|
|
Chris PeBenito |
9401ae1 |
domain_read_all_domains_state(rtkit_daemon_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
fs_rw_anon_inodefs_files(rtkit_daemon_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
auth_use_nsswitch(rtkit_daemon_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
logging_send_syslog_msg(rtkit_daemon_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
miscfiles_read_localization(rtkit_daemon_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
optional_policy(`
|
|
Chris PeBenito |
9401ae1 |
policykit_dbus_chat(rtkit_daemon_t)
|
|
Chris PeBenito |
9401ae1 |
')
|