From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 18 Feb 2011 08:54:54 -0500 Subject: [refpolicy] [PATCH 1/1] Allow xfce (and most likely other DEs) to properly work with the authorization information In-Reply-To: <20110206151446.GA13019@siphos.be> References: <20110206151446.GA13019@siphos.be> Message-ID: <4D5E7A2E.4000701@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/06/11 10:14, Sven Vermeulen wrote: > On my system, I use XFCE and start X from the commandline (using "startx") > rather than through a graphical DM. During the start-up, XFCE4 creates > temporary ICE files in /tmp (like /tmp/.xfsm-ICE-ABCDEF) which are later > read in by iceauth and at some point X. > > I'm not that good at the entire ICE stuff, but without this, I was unable to > shut down my session ("log off"). > > Signed-off-by: Sven Vermeulen Merged. > --- > policy/modules/services/xserver.te | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te > index 33b91be..34ed5a7 100644 > --- a/policy/modules/services/xserver.te > +++ b/policy/modules/services/xserver.te > @@ -234,9 +234,11 @@ userdom_user_home_dir_filetrans(iceauth_t, iceauth_home_t, file) > > allow xdm_t iceauth_home_t:file read_file_perms; > > +files_search_tmp(iceauth_t) > fs_search_auto_mountpoints(iceauth_t) > > userdom_use_user_terminals(iceauth_t) > +userdom_read_user_tmp_files(iceauth_t) > > tunable_policy(`use_nfs_home_dirs',` > fs_manage_nfs_files(iceauth_t) > @@ -726,6 +728,7 @@ seutil_read_default_contexts(xserver_t) > userdom_search_user_home_dirs(xserver_t) > userdom_use_user_ttys(xserver_t) > userdom_setattr_user_ttys(xserver_t) > +userdom_read_user_tmp_files(xserver_t) > userdom_rw_user_tmpfs_files(xserver_t) > > xserver_use_user_fonts(xserver_t) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com