From: guido@trentalancia.net (Guido Trentalancia) Date: Thu, 01 Dec 2016 16:00:38 +0100 Subject: [refpolicy] [PATCH] xserver: remove unneeded user content permissions Message-ID: <1480604438.3101.0.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Remove unneeded permissions to read user content from the xserver module. Signed-off-by: Guido Trentalancia --- policy/modules/services/xserver.te | 6 ------ 1 file changed, 6 deletions(-) --- refpolicy-git/policy/modules/services/xserver.te 2016-10-29 16:29:13.454156211 +0200 +++ refpolicy-git-06082016/policy/modules/services/xserver.te 2016-12-01 15:08:39.793367796 +0100 @@ -843,12 +842,6 @@ corenet_tcp_bind_vnc_port(xserver_t) init_use_fds(xserver_t) -# FIXME: After per user fonts are properly working -# xserver_t may no longer have any reason -# to read ROLE_home_t - examine this in more detail -# (xauth?) -userdom_read_user_home_content_files(xserver_t) - tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_dirs(xserver_t) fs_manage_nfs_files(xserver_t)