]>
Commit | Line | Data |
---|---|---|
ed70158a | 1 | |
29af4c13 | 2 | policy_module(rtkit, 1.1.0) |
ed70158a CP |
3 | |
4 | ######################################## | |
5 | # | |
6 | # Declarations | |
7 | # | |
8 | ||
9 | type rtkit_daemon_t; | |
10 | type rtkit_daemon_exec_t; | |
11 | dbus_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t) | |
12 | ||
13 | ######################################## | |
14 | # | |
15 | # rtkit_daemon local policy | |
16 | # | |
17 | ||
18 | allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace }; | |
19 | allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit }; | |
20 | ||
21 | kernel_read_system_state(rtkit_daemon_t) | |
22 | ||
ac19f1ac | 23 | domain_getsched_all_domains(rtkit_daemon_t) |
ed70158a CP |
24 | domain_read_all_domains_state(rtkit_daemon_t) |
25 | ||
26 | fs_rw_anon_inodefs_files(rtkit_daemon_t) | |
27 | ||
28 | auth_use_nsswitch(rtkit_daemon_t) | |
29 | ||
30 | logging_send_syslog_msg(rtkit_daemon_t) | |
31 | ||
ac19f1ac | 32 | miscfiles_read_localization(rtkit_daemon_t) |
ed70158a CP |
33 | |
34 | optional_policy(` | |
35 | policykit_dbus_chat(rtkit_daemon_t) | |
36 | ') |