From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 6 Feb 2011 16:14:46 +0100
Subject: [refpolicy] [PATCH 1/1] Allow xfce (and most likely other DEs) to
 properly work with the authorization information
Message-ID: <20110206151446.GA13019@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On my system, I use XFCE and start X from the commandline (using "startx")
rather than through a graphical DM. During the start-up, XFCE4 creates
temporary ICE files in /tmp (like /tmp/.xfsm-ICE-ABCDEF) which are later
read in by iceauth and at some point X.

I'm not that good at the entire ICE stuff, but without this, I was unable to
shut down my session ("log off").

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/services/xserver.te |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 33b91be..34ed5a7 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -234,9 +234,11 @@ userdom_user_home_dir_filetrans(iceauth_t, iceauth_home_t, file)
 
 allow xdm_t iceauth_home_t:file read_file_perms;
 
+files_search_tmp(iceauth_t)
 fs_search_auto_mountpoints(iceauth_t)
 
 userdom_use_user_terminals(iceauth_t)
+userdom_read_user_tmp_files(iceauth_t)
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_files(iceauth_t)
@@ -726,6 +728,7 @@ seutil_read_default_contexts(xserver_t)
 userdom_search_user_home_dirs(xserver_t)
 userdom_use_user_ttys(xserver_t)
 userdom_setattr_user_ttys(xserver_t)
+userdom_read_user_tmp_files(xserver_t)
 userdom_rw_user_tmpfs_files(xserver_t)
 
 xserver_use_user_fonts(xserver_t)
-- 
1.7.3.4