From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Fri, 6 Dec 2013 17:22:44 +0100 Subject: [refpolicy] [PATCH 38/39] xserver: review this In-Reply-To: <52A08BF4.3040501@tresys.com> References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> <1383990320-3340-38-git-send-email-dominick.grift@gmail.com> <52A08BF4.3040501@tresys.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com I auditallow'ed the statements to see if they were triggered during a normal x session (startup, some spps, shutdown) and they were not, so ok to remove. On Dec 5, 2013 3:22 PM, "Christopher J. PeBenito" wrote: > On 11/09/13 04:45, Dominick Grift wrote: > > Signed-off-by: Dominick Grift > > --- > > policy/modules/services/xserver.te | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > > > diff --git a/policy/modules/services/xserver.te > b/policy/modules/services/xserver.te > > index a7faaad..2ae8acb 100644 > > --- a/policy/modules/services/xserver.te > > +++ b/policy/modules/services/xserver.te > > @@ -741,10 +741,10 @@ userdom_rw_user_tmpfs_files(xserver_t) > > > > xserver_use_user_fonts(xserver_t) > > > > -ifndef(`distro_redhat',` > > - allow xserver_t self:process { execmem execheap execstack }; > > - domain_mmap_low_uncond(xserver_t) > > -') > > +# ifndef(`distro_redhat',` > > +# allow xserver_t self:process { execmem execheap execstack }; > > +# domain_mmap_low_uncond(xserver_t) > > +# ') > > > > ifdef(`distro_rhel4',` > > allow xserver_t self:process { execmem execheap execstack }; > > > > I suspect this can be removed, not just commented out. Sven, can you > confirm on Gentoo? > > -- > Chris PeBenito > Tresys Technology, LLC > www.tresys.com | oss.tresys.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20131206/f55466a5/attachment.html