From: bigon@debian.org (Laurent Bigonville)
Date: Fri, 11 Apr 2014 19:28:27 +0200
Subject: [refpolicy] [PATCH] Allow the xdm_t domain to enter all the
	gkeyringd ones
Message-ID: <1397237307-17058-1-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

During the opening of the session, the pam_gnome_keyring module is
starting the daemon in the gkeyringd user domain, allow xdm_t to
transition to it.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742966
---
 policy/modules/services/xserver.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 8479a52..a86f701 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -524,6 +524,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	gnome_spec_domtrans_all_gkeyringd(xdm_t)
+')
+
+optional_policy(`
 	# Talk to the console mouse server.
 	gpm_stream_connect(xdm_t)
 	gpm_setattr_gpmctl(xdm_t)
-- 
1.9.2