From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 06 Dec 2013 14:56:25 +0100
Subject: [refpolicy] [PATCH 24/39] This should probably eventually end up with xdm_home_t type like Fedora, but the file is currently created with xauth_home_t type so i just added a file context spec for that for failover
In-Reply-To: <52A1D278.2000506@tresys.com>
References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> <1383990320-3340-24-git-send-email-dominick.grift@gmail.com> <52A1D278.2000506@tresys.com>
Message-ID: <1386338185.2469.57.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2013-12-06 at 08:34 -0500, Christopher J. PeBenito wrote:
> On 11/09/13 04:45, Dominick Grift wrote:
> > Signed-off-by: Dominick Grift
> > ---
> > policy/modules/services/xserver.fc | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc > > index 8274418..c74ba1f 100644 > > --- a/policy/modules/services/xserver.fc > > +++ b/policy/modules/services/xserver.fc > > @@ -9,6 +9,7 @@ HOME_DIR/\.ICEauthority.* -- gen_context(system_u:object_r:iceauth_home_t,s0) > > HOME_DIR/\.serverauth.* -- gen_context(system_u:object_r:xauth_home_t,s0) > > HOME_DIR/\.xauth.* -- gen_context(system_u:object_r:xauth_home_t,s0) > > HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) > > +HOME_DIR/\.xsession-errors.* -- gen_context(system_u:object_r:xauth_home_t,s0) > > > > #
>
> Does xauth create this log? If xdm does, then it makes more sense to have an xdm derived type. Otherwise I don't see why this shouldn't be user_home_t.
>

I can't tell; both xdm_t as well as xauth_t are currently allowed to create files in user home directories with the xauth_home_t type.

Does it make sense from an efficiency/security standpoint to create a new type for this?

Anyway, if you want a new type for this, then drop this patch for now.
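
Review bot: The added `HOME_DIR/\.xsession-errors.*` entry, the only `+` line in the hunk, gives a session error log the same `xauth_home_t` label as the `.Xauthority`, `.xauth` and `.serverauth` entries above it, so from then on any rule written for `xauth_home_t` covers both the X authorization files and a log file. If the label is only meant to match the type the file is created with today, a comment line above the entry saying so, and naming the intended eventual type, would keep later readers from treating the log as authorization data. Otherwise a separate type for the log avoids widening access to the authorization files whenever a domain needs to read or write the log.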