https://bugzilla.redhat.com/show_bug.cgi?id=1550595 --- Comment #16 from Javier Martinez Canillas <fmartine@xxxxxxxxxx> --- (In reply to dac.override from comment #15) > it should be clarified because it is questionable. > > If a "system_dbusd_domain" would need this permission then the permission > would have been enclosed with "system_dbusd_domain()" > > Looking at > https://github.com/tpm2-software/tpm2-abrmd/commit/51a3c55d772b > it seems that this file descriptor gets passed to dbusd > > So at least now that part is explained. > > ideally the dbusd.if header would have exported an > "dbus_rw_inherited_system_unix_stream_sockets()" interface for you to call, > but there is not so just change line: > > https://github.com/tpm2-software/tpm2-abrmd/blob/1.x/selinux/tabrmd.te#L20 > > to look like: > > allow system_dbusd_t tabrmd_t:unix_stream_socket { read write}; > > Optionally add a comment: # TODO: add to dbus.if: > dbus_rw_inherited_system_unix_stream_sockets() and call that instead I will, thanks again! -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
