From: guido@trentalancia.net (Guido Trentalancia) Date: Tue, 20 Dec 2016 16:30:16 +0100 Subject: [refpolicy] [PATCH 2/2] contrib: support the new interface to manage X session logs In-Reply-To: <1482247723.12013.1.camel@trentalancia.net> References: <1482247723.12013.1.camel@trentalancia.net> Message-ID: <1482247816.12013.3.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The following patch (split in two parts, one for base and another one for contrib) introduces a new file context for the X session log files and a new interface to manage them (instead of allowing to manage the whole user home content files). It is required after the recent confinement of graphical desktop components (e.g. wm, xscreensaver). This second part (tackling the contrib policy) requires the following recently posted xscreensaver patch: [PATCH 1/2] xscreensaver: update the module so that it can be effectively used http://oss.tresys.com/pipermail/refpolicy/2016-December/008789.html Signed-off-by: Guido Trentalancia --- policy/modules/contrib/dbus.te | 1 + policy/modules/contrib/gnome.te | 5 +++++ policy/modules/contrib/wm.te | 1 + policy/modules/contrib/xscreensaver.te | 6 +++++- 4 files changed, 12 insertions(+), 1 deletion(-) diff -pru a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te --- a/policy/modules/contrib/dbus.te 2016-12-17 17:29:33.783306242 +0100 +++ b/policy/modules/contrib/dbus.te 2016-12-20 15:58:17.132302476 +0100 @@ -244,6 +244,7 @@ seutil_read_default_contexts(session_bus term_use_all_terms(session_bus_type) optional_policy(` + xserver_manage_xsession_log(session_bus_type) xserver_use_xdm_fds(session_bus_type) xserver_rw_xdm_pipes(session_bus_type) ') diff -pru a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te --- a/policy/modules/contrib/gnome.te 2016-12-07 13:39:50.014910721 +0100 +++ b/policy/modules/contrib/gnome.te 2016-12-20 16:00:46.655335209 +0100 
@@ -70,6 +70,7 @@ logging_send_syslog_msg(gnomedomain) userdom_use_user_terminals(gnomedomain) optional_policy(` + xserver_manage_xsession_log(gnomedomain) xserver_rw_xdm_pipes(gnomedomain) xserver_use_xdm_fds(gnomedomain) ') @@ -145,3 +146,7 @@ optional_policy(` optional_policy(` telepathy_mission_control_read_state(gkeyringd_domain) ') + +optional_policy(` + xserver_manage_xsession_log(gkeyringd_domain) +') diff -pru a/policy/modules/contrib/wm.te b/policy/modules/contrib/wm.te --- a/policy/modules/contrib/wm.te 2016-12-17 17:29:33.856307127 +0100 +++ b/policy/modules/contrib/wm.te 2016-12-20 15:53:56.875764348 +0100 @@ -128,4 +128,5 @@ optional_policy(` optional_policy(` xserver_dbus_chat_xdm(wm_domain) + xserver_manage_xsession_log(wm_domain) ') diff -pru a/policy/modules/contrib/xscreensaver.te b/policy/modules/contrib/xscreensaver.te --- a/policy/modules/contrib/xscreensaver.te 2016-12-20 16:03:13.740334792 +0100 +++ b/policy/modules/contrib/xscreensaver.te 2016-12-20 16:03:00.817159110 +0100 @@ -58,7 +58,10 @@ miscfiles_read_localization(xscreensaver userdom_use_user_terminals(xscreensaver_t) userdom_read_user_home_content_files(xscreensaver_t) -xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t) +optional_policy(` + xserver_manage_xsession_log(xscreensaver_t) + xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t) +') ######################################## # @@ -87,5 +90,6 @@ miscfiles_read_fonts(xscreensaver_helper miscfiles_read_localization(xscreensaver_helper_t) optional_policy(` + xserver_manage_xsession_log(xscreensaver_helper_t) xserver_stream_connect(xscreensaver_helper_t) ')
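Review bot: In policy/modules/contrib/xscreensaver.te, hunk @@ -58,7 +58,10 @@, the existing xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t) call moves from unconditional policy into the new optional_policy block, and the commit message does not mention this. Whatever the template grants to xscreensaver_t now depends on the optional block resolving, which is a behaviour change separate from adding X session log access. Suggest leaving the template line where it was and wrapping only xserver_manage_xsession_log(xscreensaver_t) in optional_policy, or explaining in the message why the template has to become optional.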
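Review bot: In policy/modules/contrib/dbus.te, hunk @@ -244,6 +244,7 @@, xserver_manage_xsession_log is granted to the session_bus_type attribute, so every domain carrying that attribute receives manage access to the X session log. The message motivates the interface by the confinement of graphical desktop components (wm, xscreensaver) and does not say why the session bus needs to manage, rather than only write to, these files. Please add the reason (for example the denial that prompted it) to the message. If the session bus only inherits the log as its stdout/stderr, consider whether a narrower grant would be enough.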
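Review bot: In policy/modules/contrib/gnome.te, hunk @@ -145,3 +146,7 @@, the new trailing optional_policy block gives gkeyringd_domain manage access to the X session log without any justification in the message. Since the stated goal is to replace management of the whole user home content with something narrower, each attribute that receives the new interface (gnomedomain in the first hunk, gkeyringd_domain here) should be listed in the message with the reason it needs this access. A keyring daemon that can create and delete session log files is worth a second look.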