From: domg472@gmail.com (Dominick Grift)
Date: Sun, 06 Feb 2011 17:48:03 +0100
Subject: [refpolicy] [PATCH 1/1] Without allow siginh,
 we get a huge timeout wait period (15 seconds)
In-Reply-To: <20110206151633.GA13056@siphos.be>
References: <20110206151633.GA13056@siphos.be>
Message-ID: <4D4ED0C3.90506@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/06/2011 04:16 PM, Sven Vermeulen wrote:
> We need to allow siginh; without it, xinit waits for 15 seconds
> before continuing (not really user friendly), even though the system
> functions properly afterwards.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/services/xserver.if |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> index da2601a..01274b4 100644
> --- a/policy/modules/services/xserver.if
> +++ b/policy/modules/services/xserver.if
> @@ -142,6 +142,8 @@ interface(`xserver_role',`
>  	allow $2 xserver_t:shm rw_shm_perms;
>  	allow $2 xserver_tmpfs_t:file rw_file_perms;
>  
> +	allow $2 xserver_t:process { siginh };

nit: no brace expansion needed, nothing to expand here.

> +
>  	allow $2 iceauth_home_t:file manage_file_perms;
>  	allow $2 iceauth_home_t:file { relabelfrom relabelto };
>  

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk1O0MMACgkQMlxVo39jgT9MtACeLpmJxCVKdiigm6vmTAxWfCOE
pHMAoJBJdi/lE+QQFDA4lEQU9/1nnvic
=qHv2
-----END PGP SIGNATURE-----