From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 14 Feb 2011 09:44:04 -0500 Subject: [refpolicy] [PATCH 1/1] Without allow siginh, we get a huge timeout wait period (15 seconds) In-Reply-To: <20110206151633.GA13056@siphos.be> References: <20110206151633.GA13056@siphos.be> Message-ID: <4D593FB4.5030307@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 2/6/2011 10:16 AM, Sven Vermeulen wrote: > We need to allow siginh; without it, xinit waits for 15 seconds > before continuing (not really user friendly), even though the system > functions properly afterwards. This needs a comment in the policy. Also, it should probably go in xserver_restricted_role() instead. > Signed-off-by: Sven Vermeulen > --- > policy/modules/services/xserver.if | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if > index da2601a..01274b4 100644 > --- a/policy/modules/services/xserver.if > +++ b/policy/modules/services/xserver.if > @@ -142,6 +142,8 @@ interface(`xserver_role',` > allow $2 xserver_t:shm rw_shm_perms; > allow $2 xserver_tmpfs_t:file rw_file_perms; > > + allow $2 xserver_t:process { siginh }; > + > allow $2 iceauth_home_t:file manage_file_perms; > allow $2 iceauth_home_t:file { relabelfrom relabelto }; > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com