From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Fri, 6 Dec 2013 17:22:44 +0100
Subject: [refpolicy] [PATCH 38/39] xserver: review this
In-Reply-To: <52A08BF4.3040501@tresys.com>
References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com>
	<1383990320-3340-38-git-send-email-dominick.grift@gmail.com>
	<52A08BF4.3040501@tresys.com>
Message-ID: <CAPzO=NxMtT9c6R1rDCfR5-0FpTtApiP63bO_NddxwqOC8h8vhw@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I auditallow'ed the statements to see if they were triggered during a
normal x session (startup, some spps, shutdown) and they were not, so ok to
remove.
On Dec 5, 2013 3:22 PM, "Christopher J. PeBenito" <cpebenito@tresys.com>
wrote:

> On 11/09/13 04:45, Dominick Grift wrote:
> > Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> > ---
> >  policy/modules/services/xserver.te | 8 ++++----
> >  1 file changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/policy/modules/services/xserver.te
> b/policy/modules/services/xserver.te
> > index a7faaad..2ae8acb 100644
> > --- a/policy/modules/services/xserver.te
> > +++ b/policy/modules/services/xserver.te
> > @@ -741,10 +741,10 @@ userdom_rw_user_tmpfs_files(xserver_t)
> >
> >  xserver_use_user_fonts(xserver_t)
> >
> > -ifndef(`distro_redhat',`
> > -     allow xserver_t self:process { execmem execheap execstack };
> > -     domain_mmap_low_uncond(xserver_t)
> > -')
> > +# ifndef(`distro_redhat',`
> > +#    allow xserver_t self:process { execmem execheap execstack };
> > +#    domain_mmap_low_uncond(xserver_t)
> > +# ')
> >
> >  ifdef(`distro_rhel4',`
> >       allow xserver_t self:process { execmem execheap execstack };
> >
>
> I suspect this can be removed, not just commented out.  Sven, can you
> confirm on Gentoo?
>
> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20131206/f55466a5/attachment.html