Skip to content

Commit 444fae2

Browse files
committed
update support for polkit agent helper (bsc#1251931)
init_nnp_daemon_domain(policykit_auth_t): type=AVC msg=audit(..): avc: denied { nnp_transition } for pid=1850 comm="(helper-1)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:policykit_auth_t:s0 tclass=process2 permissive=0 auth_nnp_domtrans_chkpwd(): type=AVC msg=audit(..): avc: denied { nnp_transition } for pid=2353 comm="polkit-agent-he" scontext=system_u:system_r:policykit_auth_t:s0 tcontext=system_u:system_r:chkpwd_t:s0 tclass=process2 permissive=0 label socket placed under /run/polkit as policykit_var_run_t
1 parent 6105e14 commit 444fae2

File tree

2 files changed

+3
-0
lines changed

2 files changed

+3
-0
lines changed

policy/modules/contrib/policykit.fc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,3 +20,4 @@
2020
/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:policykit_var_lib_t,s0)
2121
/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0)
2222
/run/polkit-1(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0)
23+
/run/polkit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0)

policy/modules/contrib/policykit.te

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ init_nnp_daemon_domain(policykit_t)
1515
type policykit_auth_t, policykit_domain;
1616
type policykit_auth_exec_t;
1717
init_daemon_domain(policykit_auth_t, policykit_auth_exec_t)
18+
init_nnp_daemon_domain(policykit_auth_t)
1819

1920
type policykit_grant_t, policykit_domain;
2021
type policykit_grant_exec_t;
@@ -209,6 +210,7 @@ fs_dontaudit_append_ecryptfs_files(policykit_auth_t)
209210
auth_rw_var_auth(policykit_auth_t)
210211
auth_use_nsswitch(policykit_auth_t)
211212
auth_domtrans_chk_passwd(policykit_auth_t)
213+
auth_nnp_domtrans_chkpwd(policykit_auth_t)
212214

213215
logging_send_syslog_msg(policykit_auth_t)
214216

0 commit comments

Comments
 (0)