From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 5 Dec 2013 09:21:40 -0500
Subject: [refpolicy] [PATCH 38/39] xserver: review this
In-Reply-To: <1383990320-3340-38-git-send-email-dominick.grift@gmail.com>
References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com>
	<1383990320-3340-38-git-send-email-dominick.grift@gmail.com>
Message-ID: <52A08BF4.3040501@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/09/13 04:45, Dominick Grift wrote:
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> ---
>  policy/modules/services/xserver.te | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index a7faaad..2ae8acb 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -741,10 +741,10 @@ userdom_rw_user_tmpfs_files(xserver_t)
>  
>  xserver_use_user_fonts(xserver_t)
>  
> -ifndef(`distro_redhat',`
> -	allow xserver_t self:process { execmem execheap execstack };
> -	domain_mmap_low_uncond(xserver_t)
> -')
> +# ifndef(`distro_redhat',`
> +#	allow xserver_t self:process { execmem execheap execstack };
> +#	domain_mmap_low_uncond(xserver_t)
> +# ')
>  
>  ifdef(`distro_rhel4',`
>  	allow xserver_t self:process { execmem execheap execstack };
> 

I suspect this can be removed, not just commented out.  Sven, can you confirm on Gentoo?

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com