2017-11-14 02:03:53

by Mira Ressel

Subject: [refpolicy] [PATCH] xserver: Allow xdm_t to map usr_t files

This is required for gtk-based login managers to access gtk's icon
cache. IIRC, past discussion on the ML came to the conclusion that
adding a new domain for this would be overkill.
---
policy/modules/services/xserver.te | 1 +
1 file changed, 1 insertion(+)

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 36478b640..52eb67e8f 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -450,6 +450,7 @@ files_read_etc_runtime_files(xdm_t)
files_exec_etc_files(xdm_t)
files_list_mnt(xdm_t)
# Read /usr/share/terminfo/l/linux and /usr/share/icons/default/index.theme...
+files_map_usr_files(xdm_t)
files_read_usr_files(xdm_t)
# Poweroff wants to create the /poweroff file when run from xdm
files_create_boot_flag(xdm_t)
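
Review bot: the added files_map_usr_files(xdm_t) line sits between the existing comment "# Read /usr/share/terminfo/l/linux and /usr/share/icons/default/index.theme..." and the files_read_usr_files(xdm_t) call that comment describes, so the comment now reads as if it explains the map rule. Consider moving the new line below files_read_usr_files(xdm_t) and giving it its own comment naming the gtk icon cache, so the reason for the map permission is recorded in xserver.te and not only in the commit message.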
--
2.15.0


2017-11-14 23:32:11

by Chris PeBenito

Subject: [refpolicy] [PATCH] xserver: Allow xdm_t to map usr_t files

On 11/13/2017 09:03 PM, Luis Ressel via refpolicy wrote:
> This is required for gtk-based login managers to access gtk's icon
> cache. IIRC, past discussion on the ML came to the conclusion that
> adding a new domain for this would be overkill.
> ---
> policy/modules/services/xserver.te | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 36478b640..52eb67e8f 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -450,6 +450,7 @@ files_read_etc_runtime_files(xdm_t)
> files_exec_etc_files(xdm_t)
> files_list_mnt(xdm_t)
> # Read /usr/share/terminfo/l/linux and /usr/share/icons/default/index.theme...
> +files_map_usr_files(xdm_t)
> files_read_usr_files(xdm_t)
> # Poweroff wants to create the /poweroff file when run from xdm
> files_create_boot_flag(xdm_t)
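
Review bot: files_map_usr_files(xdm_t) grants xdm_t the map permission on usr_t files in general, while the stated need is only gtk's icon cache for gtk-based login managers. The commit message justifies the broad grant with an earlier list discussion recalled as "IIRC"; a reference to that thread in the message would let someone auditing xdm_t's permissions later confirm why the alternative of a new domain was rejected.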

Merged.

--
Chris PeBenito