From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 01 Dec 2016 16:00:38 +0100
Subject: [refpolicy] [PATCH] xserver: remove unneeded user content
	permissions
Message-ID: <1480604438.3101.0.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Remove unneeded permissions to read user content from the
xserver module.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/services/xserver.te |    6 ------
 1 file changed, 6 deletions(-)

--- refpolicy-git/policy/modules/services/xserver.te	2016-10-29 16:29:13.454156211 +0200
+++ refpolicy-git-06082016/policy/modules/services/xserver.te	2016-12-01 15:08:39.793367796 +0100
@@ -843,12 +842,6 @@ corenet_tcp_bind_vnc_port(xserver_t)
 
 init_use_fds(xserver_t)
 
-# FIXME: After per user fonts are properly working
-# xserver_t may no longer have any reason
-# to read ROLE_home_t - examine this in more detail
-# (xauth?)
-userdom_read_user_home_content_files(xserver_t)
-
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(xserver_t)
 	fs_manage_nfs_files(xserver_t)