From: dwalsh@redhat.com (Daniel J Walsh) Date: Fri, 06 Dec 2013 08:59:32 -0500 Subject: [refpolicy] [PATCH 24/39] This should probably eventually end up with xdm_home_t type like Fedora, but the file is currently created with xauth_home_t type so i just added a file context spec for that for failover In-Reply-To: <1386338185.2469.57.camel@d30> References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> <1383990320-3340-24-git-send-email-dominick.grift@gmail.com> <52A1D278.2000506@tresys.com> <1386338185.2469.57.camel@d30> Message-ID: <52A1D844.4070702@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/06/2013 08:56 AM, Dominick Grift wrote: > On Fri, 2013-12-06 at 08:34 -0500, Christopher J. PeBenito wrote: >> On 11/09/13 04:45, Dominick Grift wrote: >>> Signed-off-by: Dominick Grift --- >>> policy/modules/services/xserver.fc | 1 + 1 file changed, 1 >>> insertion(+) >>> >>> diff --git a/policy/modules/services/xserver.fc >>> b/policy/modules/services/xserver.fc index 8274418..c74ba1f 100644 --- >>> a/policy/modules/services/xserver.fc +++ >>> b/policy/modules/services/xserver.fc @@ -9,6 +9,7 @@ >>> HOME_DIR/\.ICEauthority.* -- >>> gen_context(system_u:object_r:iceauth_home_t,s0) >>> HOME_DIR/\.serverauth.* -- >>> gen_context(system_u:object_r:xauth_home_t,s0) HOME_DIR/\.xauth.* -- >>> gen_context(system_u:object_r:xauth_home_t,s0) HOME_DIR/\.Xauthority.* >>> -- gen_context(system_u:object_r:xauth_home_t,s0) >>> +HOME_DIR/\.xsession-errors.* -- >>> gen_context(system_u:object_r:xauth_home_t,s0) >>> >>> # >> >> Does xauth create this log? If xdm does, then it makes more sense to >> have an xdm derived type. Otherwise I don't see why this shouldn't be >> user_home_t. >> > > I can't tell, both xdm_t as well as xauth_t are currently allowed to create > files in user home directories with the xauth_home_t type > > Does it make sense for a efficiency/security standpoint to create new type > for this? > > Anyways if you want a new type for this then drop this patch for now > > _______________________________________________ refpolicy mailing list > refpolicy at oss.tresys.com http://oss.tresys.com/mailman/listinfo/refpolicy > In fedora we have xdm_home_t. matchpathcon ~/.xsession-errors /home/dwalsh/.xsession-errors staff_u:object_r:xdm_home_t:s0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKh2EQACgkQrlYvE4MpobOFPgCggrH02jfz/XJD+/EGifWNQqgX 5AIAnRDmx9AEzxw2glJ7lU+rrvTQZrAZ =iKvZ -----END PGP SIGNATURE-----