From: guido@trentalancia.net (Guido Trentalancia) Date: Sat, 17 Dec 2016 17:43:13 +0100 Subject: [refpolicy] [PATCH v2 5/5] rtkit: enable dbus chat with xdm In-Reply-To: <1481756950.3080.2.camel@trentalancia.net> References: <1481130053.3300.9.camel@trentalancia.net> <1481217618.20182.8.camel@trentalancia.net> <1481322107.2989.1.camel@trentalancia.net> <1481676545.17446.13.camel@trentalancia.net> <7a91e7db-5de3-9c37-549f-e6d1cd8c446b@ieee.org> <1481756950.3080.2.camel@trentalancia.net> Message-ID: <1481992993.5458.2.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello Christopher. I think for some reason this patch has been forgotten... It is part 5/5 of a patchset that you have just applied, but this is missing from the git tree. On Thu, 15/12/2016 at 00.09 +0100, Guido Trentalancia via refpolicy wrote: > Enable dbus messaging between the X Display Manager (XDM) and > the rtkit daemon. > > Also, let the rtkit daemon set the priority of all X Display > Managers (XDM). > > This patch (along with parts 3/5 and 4/5) is needed when > running gdm. > > Signed-off-by: Guido Trentalancia > --- > ?policy/modules/contrib/rtkit.te????|????8 ++++++++ > ?policy/modules/services/xserver.if |???20 +++++++++++++++++++- > ?2 files changed, 27 insertions(+), 1 deletion(-) > > --- a/policy/modules/contrib/rtkit.te 2016-12-14 > 02:25:03.296232854 +0100 > +++ b/policy/modules/contrib/rtkit.te 2016-12-15 > 00:02:39.744279486 +0100 > @@ -42,4 +42,12 @@ optional_policy(` > ? optional_policy(` > ? policykit_dbus_chat(rtkit_daemon_t) > ? ') > + > + optional_policy(` > + xserver_dbus_chat_xdm(rtkit_daemon_t) > + ') > +') > + > +optional_policy(` > + xserver_setsched_all_xdms(rtkit_daemon_t) > ?') > --- a/policy/modules/services/xserver.if 2016-12-14 > 02:25:03.297232878 +0100 > +++ b/policy/modules/services/xserver.if 2016-12-15 > 00:03:37.656417716 +0100 > @@ -162,7 +162,6 @@ interface(`xserver_role',` > ? manage_files_pattern($2, user_fonts_config_t, > user_fonts_config_t) > ? relabel_dirs_pattern($2, user_fonts_config_t, > user_fonts_config_t) > ? relabel_files_pattern($2, user_fonts_config_t, > user_fonts_config_t) > - > ?') > ? > ?####################################### > @@ -1350,3 +1349,22 @@ interface(`xserver_unconfined',` > ? typeattribute $1 x_domain; > ? typeattribute $1 xserver_unconfined_type; > ?') > + > +######################################## > +## > +## Set the priority of all X > +## Display Managers (XDM). > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xserver_setsched_all_xdms',` > + gen_require(` > + attribute xdm_domain; > + ') > + > + allow $1 xdm_domain:process setsched; > +') Regards, Guido