[selinux-policy: 2559/3172] rtkit patch from Dan Walsh: rtkit_daemon_system_domain interface allows domains to say rtkit can set

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:47:27 UTC 2010 

commit ac19f1ac26429ff17daaabcc8f26fbd087e40680
Author: Jeremy Solt <jsolt at tresys.com>
Date:   Fri Mar 19 14:28:27 2010 -0400

    rtkit patch from Dan Walsh:
    rtkit_daemon_system_domain interface allows domains to say rtkit can setsched on their process.
    Needs sys_nice capability
    Needs to getsched on all domains.
    Fix bug in te file
    
    Me:
    changed interface name from rtkit_daemon_system_domain to rtkit_schedule
    Already had sys_nice capability

 policy/modules/services/rtkit.if |   20 ++++++++++++++++++++
 policy/modules/services/rtkit.te |    3 ++-
 2 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/rtkit.if b/policy/modules/services/rtkit.if
index d536c01..fabe97c 100644
--- a/policy/modules/services/rtkit.if
+++ b/policy/modules/services/rtkit.if
@@ -38,3 +38,23 @@ interface(`rtkit_daemon_dbus_chat',`
 	allow $1 rtkit_daemon_t:dbus send_msg;
 	allow rtkit_daemon_t $1:dbus send_msg;
 ')
+
+########################################
+## <summary>
+##	Allow rtkit to control scheduling for your process
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`rtkit_schedule',`
+	gen_require(`
+		type rtkit_daemon_t;
+	')
+
+	ps_process_pattern(rtkit_daemon_t, $1)
+	allow rtkit_daemon_t $1:process { getsched setsched };
+	rtkit_daemon_dbus_chat($1)
+')
diff --git a/policy/modules/services/rtkit.te b/policy/modules/services/rtkit.te
index 37cd126..13333c6 100644
--- a/policy/modules/services/rtkit.te
+++ b/policy/modules/services/rtkit.te
@@ -20,6 +20,7 @@ allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
 
 kernel_read_system_state(rtkit_daemon_t)
 
+domain_getsched_all_domains(rtkit_daemon_t)
 domain_read_all_domains_state(rtkit_daemon_t)
 
 fs_rw_anon_inodefs_files(rtkit_daemon_t)
@@ -28,7 +29,7 @@ auth_use_nsswitch(rtkit_daemon_t)
 
 logging_send_syslog_msg(rtkit_daemon_t)
 
-miscfiles_read_localization(locale_t)
+miscfiles_read_localization(rtkit_daemon_t)
 
 optional_policy(`
 	policykit_dbus_chat(rtkit_daemon_t)

More information about the scm-commits mailing list