From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 14 Dec 2016 22:29:40 +0100
Subject: [refpolicy] [PATCH v2 1/5] wm: update the window manager (wm) module and enable its role template (v5)
In-Reply-To:
References: <1481130053.3300.9.camel@trentalancia.net> <1481217618.20182.8.camel@trentalancia.net> <1481322107.2989.1.camel@trentalancia.net> <1481676520.17446.9.camel@trentalancia.net> <1481680495.3551.1.camel@trentalancia.net> <1481721818.2981.9.camel@trentalancia.net>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Yes, thanks for pointing that out. The new revised version will be ready soon...

On the 14th December 2016 22:25:52 CET, Chris PeBenito wrote:
>On 12/14/16 08:23, Guido Trentalancia via refpolicy wrote:
>> Hello Jason,
>>
>> you took the list off for this message, I think this is not
>> intentional, so I am bringing the reply back on the list...
>>
>> On Wed, 14/12/2016 at 21.01 +0800, Jason Zaman wrote:
>>>
>>>
>>> On 14 Dec 2016 09:54, "Guido Trentalancia via refpolicy"
>>> ss.tresys.com> wrote:
>>> Enable the window manager role (wm contrib module) and update
>>> the module to work with gnome-shell.
>>>
>>> This patch requires the following recently posted patch for the
>>> games module:
>>>
>>> [PATCH v3 1/2] games: general update and improved pulseaudio
>>> integration
>>> http://oss.tresys.com/pipermail/refpolicy/2016-December/008679.html
>>>
>>> This patch has received some testing with the following two
>>> configurations:
>>> - gnome-shell executing in normal mode (with display managers
>>> other than gdm, such as xdm from XOrg);
>>> - gnome-shell executing in gdm mode (with the Gnome Display
>>> Manager).
>>>
>>> Patches 3/5, 4/5 and 5/5 are needed when gnome-shell is used
>>> in conjunction with gdm.
>>>
>>> Since the window managers are not limited by gnome-shell, this latter
>>> version of the patch (along with part 2/5) uses separate optional
>>> conditionals for the gnome and wm role templates.
>>> >>> Signed-off-by: Guido Trentalancia >>> --- >>> policy/modules/contrib/colord.te | 5 ++ >>> policy/modules/contrib/dbus.te | 5 ++ >>> policy/modules/contrib/wm.if | 43 +++++++++++++++++- >>> policy/modules/contrib/wm.te | 88 >>> ++++++++++++++++++++++++++++++++++++- >>> policy/modules/roles/staff.te | 8 ++- >>> policy/modules/roles/sysadm.te | 4 + >>> policy/modules/roles/unprivuser.te | 8 ++- >>> 7 files changed, 155 insertions(+), 6 deletions(-) >>> > >[...] > >>> diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/wm.te >>> refpolicy-git-07122016/policy/modules/contrib/wm.te >>> --- refpolicy-git-07122016-orig/policy/modules/contrib/wm.te >2016- >>> 12-14 02:24:53.396000918 +0100 >>> +++ refpolicy-git-07122016/policy/modules/contrib/wm.te 2016-12-13 >>> 00:34:34.876856837 +0100 >>> @@ -10,6 +10,18 @@ attribute wm_domain; >>> type wm_exec_t; >>> corecmd_executable_file(wm_exec_t) >>> >>> +type wm_tmp_t; >>> +typealias wm_tmp_t alias { user_wm_tmp_t staff_wm_tmp_t >>> sysadm_wm_tmp_t }; >>> +userdom_user_tmp_file(wm_tmp_t) >>> + >>> +type wm_tmpfs_t; >>> +typealias wm_tmpfs_t alias { user_wm_tmpfs_t staff_wm_tmpfs_t >>> sysadm_wm_tmpfs_t }; >>> +userdom_user_tmpfs_file(wm_tmpfs_t) > >Don't add aliases. The alias types never existed, so there is no >compatibility to preserve.
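
Review bot: In the wm.te hunk, both typealias statements name aliases (user_wm_tmp_t, staff_wm_tmp_t, sysadm_wm_tmp_t and their _tmpfs_ counterparts) for types that the "+type wm_tmp_t;" and "+type wm_tmpfs_t;" lines directly above them introduce for the first time, so the aliases only add extra names that other policy or file contexts could later come to depend on. Suggest dropping the two typealias lines and keeping just the type declarations together with userdom_user_tmp_file(wm_tmp_t) and userdom_user_tmpfs_file(wm_tmpfs_t).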