From: domg472@gmail.com (Dominick Grift) Date: Sun, 06 Feb 2011 17:48:03 +0100 Subject: [refpolicy] [PATCH 1/1] Without allow siginh, we get a huge timeout wait period (15 seconds) In-Reply-To: <20110206151633.GA13056@siphos.be> References: <20110206151633.GA13056@siphos.be> Message-ID: <4D4ED0C3.90506@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/06/2011 04:16 PM, Sven Vermeulen wrote: > We need to allow siginh; without it, xinit waits for 15 seconds > before continuing (not really user friendly), even though the system > functions properly afterwards. > > Signed-off-by: Sven Vermeulen > --- > policy/modules/services/xserver.if | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if > index da2601a..01274b4 100644 > --- a/policy/modules/services/xserver.if > +++ b/policy/modules/services/xserver.if > @@ -142,6 +142,8 @@ interface(`xserver_role',` > allow $2 xserver_t:shm rw_shm_perms; > allow $2 xserver_tmpfs_t:file rw_file_perms; > > + allow $2 xserver_t:process { siginh }; nit: no brace expansion needed, nothing to expand here. > + > allow $2 iceauth_home_t:file manage_file_perms; > allow $2 iceauth_home_t:file { relabelfrom relabelto }; > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1O0MMACgkQMlxVo39jgT9MtACeLpmJxCVKdiigm6vmTAxWfCOE pHMAoJBJdi/lE+QQFDA4lEQU9/1nnvic =qHv2 -----END PGP SIGNATURE-----