From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 15 Apr 2014 09:30:08 -0400
Subject: [refpolicy] [PATCH] Allow the xdm_t domain to enter all the
 gkeyringd ones
In-Reply-To: <1397237307-17058-1-git-send-email-bigon@debian.org>
References: <1397237307-17058-1-git-send-email-bigon@debian.org>
Message-ID: <534D3460.60802@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/11/2014 01:28 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
> 
> During the opening of the session, the pam_gnome_keyring module is
> starting the daemon in the gkeyringd user domain, allow xdm_t to
> transition to it.
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742966
> ---
>  policy/modules/services/xserver.te | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 8479a52..a86f701 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -524,6 +524,10 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	gnome_spec_domtrans_all_gkeyringd(xdm_t)
> +')
> +
> +optional_policy(`
>  	# Talk to the console mouse server.
>  	gpm_stream_connect(xdm_t)
>  	gpm_setattr_gpmctl(xdm_t)
 
Merged.



-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com