more misc stuff

Here's the latest stuff, most of which is to make staff_t usable as a login
domain.  Please merge whatever you think is good and skip the rest.

Signed-off-by: Jason Zaman <jason@perfinion.com>

6 files changed, 14 insertions, 1 deletions

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 6a94f6ef..3b5f9c4d 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -168,6 +168,7 @@ ifdef(`distro_gentoo',`
 
 /usr/lib/at-spi2-core(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/avahi/avahi-daemon-check-dns\.sh	--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/bluetooth/.*		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/bridge-utils/.*\.sh	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/ccache/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 #/usr/lib/dhcpcd/dhcpcd-hooks(/.*)?	gen_context(system_u:object_r:bin_t,s0)
@@ -200,6 +201,7 @@ ifdef(`distro_gentoo',`
 /usr/lib/gvfs/gvfs.*		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/ipsec/.*		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/kde4/libexec/.*	--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/[^/]+/libexec/kf5/.*	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/mailman/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/mailman/mail(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/mediawiki/math/texvc.*		gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 803cca2a..1db51e0f 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -32,6 +32,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	modemmanager_dbus_chat(staff_t)
+')
+
+optional_policy(`
 	postgresql_role(staff_r, staff_t)
 ')
 
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 0e21b2ad..f3241612 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -21,6 +21,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	modemmanager_dbus_chat(user_t)
+')
+
+optional_policy(`
 	screen_role_template(user, user_r, user_t)
 ')
 
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index 9a9b1061..ccc29001 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -178,6 +178,7 @@ logging_read_generic_logs(ssh_t)
 
 auth_use_nsswitch(ssh_t)
 
+miscfiles_read_generic_certs(ssh_t)
 miscfiles_read_localization(ssh_t)
 
 seutil_read_config(ssh_t)
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 9908a645..adbe775e 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -209,6 +209,7 @@ optional_policy(`
 ')
 
 optional_policy(`
+	xserver_link_xdm_keys(local_login_t)
 	xserver_read_xdm_tmp_files(local_login_t)
 	xserver_rw_xdm_tmp_files(local_login_t)
 	xserver_rw_xdm_keys(local_login_t)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index e5f37321..34c38cad 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1008,6 +1008,7 @@ files_create_lock_dirs(systemd_tmpfiles_t)
 files_manage_all_pid_dirs(systemd_tmpfiles_t)
 files_delete_usr_files(systemd_tmpfiles_t)
 files_list_home(systemd_tmpfiles_t)
+files_list_locks(systemd_tmpfiles_t)
 files_manage_generic_tmp_dirs(systemd_tmpfiles_t)
 files_manage_var_dirs(systemd_tmpfiles_t)
 files_manage_var_lib_dirs(systemd_tmpfiles_t)
@@ -1026,8 +1027,8 @@ files_relabelto_etc_dirs(systemd_tmpfiles_t)
 files_manage_etc_symlinks(systemd_tmpfiles_t)
 
 fs_getattr_tmpfs(systemd_tmpfiles_t)
-fs_getattr_tmpfs_dirs(systemd_tmpfiles_t)
 fs_getattr_xattr_fs(systemd_tmpfiles_t)
+fs_list_tmpfs(systemd_tmpfiles_t)
 
 selinux_get_fs_mount(systemd_tmpfiles_t)
 selinux_search_fs(systemd_tmpfiles_t)