Patch for pulseaudio against latest GIT Signed-off-by: Russell Coker <russell@xxxxxxxxxxxx> Index: refpolicy-2.20200209/policy/modules/apps/pulseaudio.te =================================================================== --- refpolicy-2.20200209.orig/policy/modules/apps/pulseaudio.te +++ refpolicy-2.20200209/policy/modules/apps/pulseaudio.te @@ -92,6 +92,8 @@ files_pid_filetrans(pulseaudio_t, pulsea manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) +allow pulseaudio_t pulseaudio_xdg_config_t:file map; + xdg_config_filetrans(pulseaudio_t, pulseaudio_xdg_config_t, dir, "pulse") allow pulseaudio_t pulseaudio_client:process signull; @@ -146,7 +148,7 @@ miscfiles_read_localization(pulseaudio_t seutil_read_config(pulseaudio_t) -userdom_read_user_tmpfs_files(pulseaudio_t) +userdom_rw_user_tmpfs_files(pulseaudio_t) userdom_map_user_tmpfs_files(pulseaudio_t) userdom_delete_user_tmpfs_files(pulseaudio_t) userdom_search_user_home_dirs(pulseaudio_t) @@ -155,6 +157,7 @@ userdom_search_user_home_content(pulseau userdom_manage_user_tmp_dirs(pulseaudio_t) userdom_manage_user_tmp_files(pulseaudio_t) userdom_manage_user_tmp_sockets(pulseaudio_t) +userdom_write_all_user_runtime_named_sockets(pulseaudio_t) tunable_policy(`pulseaudio_execmem',` allow pulseaudio_t self:process execmem; @@ -224,6 +227,13 @@ optional_policy(` ') optional_policy(` + # for /run/systemd/seats and /run/systemd/sessions + systemd_read_logind_sessions_files(pulseaudio_t) + # for /run/systemd/users/$PID + systemd_read_logind_pids(pulseaudio_t) +') + +optional_policy(` udev_read_pid_files(pulseaudio_t) udev_read_state(pulseaudio_t) udev_read_db(pulseaudio_t)
