From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 17 Sep 2012 11:09:21 -0400 Subject: [refpolicy] [PATCH 1/2] Add Debian locations for GDM 3 In-Reply-To: <1347293474-17271-1-git-send-email-bigon@debian.org> References: <1347293474-17271-1-git-send-email-bigon@debian.org> Message-ID: <50573D21.10006@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/10/12 12:11, Laurent Bigonville wrote: > From: Laurent Bigonville > > --- > policy/modules/kernel/corecommands.fc | 1 + > policy/modules/services/xserver.fc | 15 +++++++++------ > 2 files changed, 10 insertions(+), 6 deletions(-) > > diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc > index 9020aa1..57cd935 100644 > --- a/policy/modules/kernel/corecommands.fc > +++ b/policy/modules/kernel/corecommands.fc > @@ -305,6 +305,7 @@ ifdef(`distro_gentoo',` > > ifdef(`distro_debian',` > /usr/lib/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib/gdm3/.* -- gen_context(system_u:object_r:bin_t,s0) > ') > > ifdef(`distro_gentoo', ` > diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc > index be8f670..9393f65 100644 > --- a/policy/modules/services/xserver.fc > +++ b/policy/modules/services/xserver.fc > @@ -18,9 +18,9 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) > # > # /etc > # > -/etc/gdm/PostSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0) > -/etc/gdm/PreSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0) > -/etc/gdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0) > +/etc/gdm(3)?/PostSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0) > +/etc/gdm(3)?/PreSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0) > +/etc/gdm(3)?/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0) > > /etc/kde[34]?/kdm/Xstartup -- gen_context(system_u:object_r:xsession_exec_t,s0) > /etc/kde[34]?/kdm/Xreset -- gen_context(system_u:object_r:xsession_exec_t,s0) > @@ -56,9 +56,10 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) > # /usr > # > > +/usr/(s)?bin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0) > /usr/(s)?bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0) > /usr/(s)?bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0) > -/usr/(s)?bin/[xgkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0) > +/usr/(s)?bin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0) > /usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0) > /usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0) > /usr/bin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0) > @@ -89,18 +90,20 @@ ifndef(`distro_debian',` > > /var/[xgkw]dm(/.*)? gen_context(system_u:object_r:xserver_log_t,s0) > > +/var/lib/gdm(3)?(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0) > /var/lib/lxdm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0) > /var/lib/[xkw]dm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0) > /var/lib/xkb(/.*)? gen_context(system_u:object_r:xkb_var_lib_t,s0) > > /var/log/[kwx]dm\.log.* -- gen_context(system_u:object_r:xserver_log_t,s0) > /var/log/lxdm\.log -- gen_context(system_u:object_r:xserver_log_t,s0) > -/var/log/gdm(/.*)? gen_context(system_u:object_r:xserver_log_t,s0) > +/var/log/gdm(3)?(/.*)? gen_context(system_u:object_r:xserver_log_t,s0) > /var/log/slim\.log -- gen_context(system_u:object_r:xserver_log_t,s0) > /var/log/XFree86.* -- gen_context(system_u:object_r:xserver_log_t,s0) > /var/log/Xorg.* -- gen_context(system_u:object_r:xserver_log_t,s0) > > -/var/run/[gx]dm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0) > +/var/run/gdm(3)?\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0) > +/var/run/xdm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0) > /var/run/lxdm\.auth -- gen_context(system_u:object_r:xdm_var_run_t,s0) > /var/run/lxdm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0) > /var/run/lxdm(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com