[DSE-User] SELinux on Wheezy: apm
Arno Schuring
aelschuring at hotmail.com
Sat Feb 11 14:41:24 UTC 2012
acpid in Wheezy apparently uses a netlink socket and wants to read
input events. I haven't given it much of my time, but the input device
appears to be the power button.
Regards,
Arno
-8<--
diff --git a/policy/modules/services/apm.fc b/policy/modules/services/apm.fc
index 0123777..041a26a 100644
--- a/policy/modules/services/apm.fc
+++ b/policy/modules/services/apm.fc
@@ -14,6 +14,7 @@
/var/log/acpid.* -- gen_context(system_u:object_r:apmd_log_t,s0)
/var/run/\.?acpid\.socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)
+/run/\.?acpid\.socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)
/var/run/apmd\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0)
/var/run/powersaved\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0)
/var/run/powersave_socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)
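Review bot: The added /run/\.?acpid\.socket entry covers only the socket, while the apmd\.pid, powersaved\.pid and powersave_socket entries in the same block still match under /var/run only. If those files also end up under /run on Wheezy they would miss apmd_var_run_t in the same way; either add /run counterparts for all of the apmd_var_run_t entries here or handle the /run location once for the whole policy instead of per file.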
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
index 8047894..4fa1de0 100644
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
@@ -1,4 +1,4 @@
-policy_module(apm, 1.11.0)
+policy_module(apm, 1.11.2)
########################################
#
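Review bot: policy_module(apm, ...) goes from 1.11.0 straight to 1.11.2, skipping 1.11.1. If the gap is not intentional, bump to 1.11.1; if it is, the message should say which tree or earlier change the patch is based on.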
@@ -64,6 +64,7 @@ allow apmd_t self:process { signal_perms getsession };
allow apmd_t self:fifo_file rw_fifo_file_perms;
allow apmd_t self:unix_dgram_socket create_socket_perms;
allow apmd_t self:unix_stream_socket create_stream_socket_perms;
+allow apmd_t self:netlink_socket create_socket_perms;
allow apmd_t apmd_log_t:file manage_file_perms;
logging_log_filetrans(apmd_t, apmd_log_t, file)
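Review bot: The new rule "allow apmd_t self:netlink_socket create_socket_perms;" is justified in the message only by "apparently uses a netlink socket", with no AVC denial quoted. Please include the denial so the object class and the permissions acpid actually requests can be checked, and grant only those if they turn out to be fewer than create_socket_perms.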
@@ -81,6 +82,7 @@ kernel_rw_all_sysctls(apmd_t)
kernel_read_system_state(apmd_t)
kernel_write_proc_files(apmd_t)
+dev_read_input(apmd_t)
dev_read_realtime_clock(apmd_t)
dev_read_urand(apmd_t)
dev_rw_apm_bios(apmd_t)
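Review bot: dev_read_input(apmd_t) takes only the domain, so it is not limited to the power button that the message says the device "appears to be"; it gives apmd_t read access to input event devices in general. Confirm from the AVC denial which device node acpid opens, and add a comment above the line stating why the access is needed, since the message says this was not looked at in depth.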