Message ID | 20231012103210.2915871-8-adam.duskett@amarulasolutions.com |
---|---|
State | New |
Series | SELinux: Basic config enforcing mode support. |
diff --git a/DEVELOPERS b/DEVELOPERS index 5f4b7320ba..f7506da57a 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -40,6 +40,7 @@ F: package/flutter-gallery/ F: package/flutter-pi/ F: package/flutter-sdk-bin/ F: package/openssh/selinux/ +F: package/polkit/selinux/ F: package/refpolicy/selinux/ F: package/systemd/selinux/ F: package/sysvinit/selinux/ diff --git a/package/polkit/selinux/buildroot-polkit.fc b/package/polkit/selinux/buildroot-polkit.fc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/package/polkit/selinux/buildroot-polkit.if b/package/polkit/selinux/buildroot-polkit.if new file mode 100644 index 0000000000..8db3562fa5 --- /dev/null +++ b/package/polkit/selinux/buildroot-polkit.if @@ -0,0 +1 @@ +## <summary>Buildroot polkit rules</summary> diff --git a/package/polkit/selinux/buildroot-polkit.te b/package/polkit/selinux/buildroot-polkit.te new file mode 100644 index 0000000000..3cc244868c --- /dev/null +++ b/package/polkit/selinux/buildroot-polkit.te @@ -0,0 +1,5 @@ +policy_module(buildroot-polkit, 1.0.0) + +#============= policykit_t ============== +allow policykit_t security_t:filesystem getattr; +allow policykit_t selinux_config_t:dir search;
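Review bot: In package/polkit/selinux/buildroot-polkit.te, the two allow rules use policykit_t, security_t and selinux_config_t, but nothing in the module brings those types into scope: only policy_module() precedes the rules, with no gen_require block and no interface call. Suggest either adding gen_require(`type policykit_t, security_t, selinux_config_t;') ahead of the rules, or expressing the same access through the refpolicy interfaces of the modules that own security_t and selinux_config_t, which is the usual style when a module touches types it does not declare. The "#============= policykit_t ==============" header reads like unedited audit2allow output, so it would also help to quote the AVC denials these rules resolve in the commit message, making it reviewable that getattr on the selinuxfs filesystem and search on the SELinux configuration directory are the minimum polkit needs in enforcing mode.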
This is a basic policy necessary for polkit to work properly in enforcing mode without any denials.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
 DEVELOPERS                                 | 1 +
 package/polkit/selinux/buildroot-polkit.fc | 0
 package/polkit/selinux/buildroot-polkit.if | 1 +
 package/polkit/selinux/buildroot-polkit.te | 5 +++++
 4 files changed, 7 insertions(+)
 create mode 100644 package/polkit/selinux/buildroot-polkit.fc
 create mode 100644 package/polkit/selinux/buildroot-polkit.if
 create mode 100644 package/polkit/selinux/buildroot-polkit.te