From: pebenito@ieee.org (Chris PeBenito) Date: Wed, 21 Dec 2016 14:30:34 -0500 Subject: [refpolicy] [PATCH 2/2] base: enable the xscreensaver role In-Reply-To: <1482191326.21205.2.camel@trentalancia.net> References: <1482191278.21205.0.camel@trentalancia.net> <1482191326.21205.2.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/19/16 18:48, Guido Trentalancia via refpolicy wrote: > This patch enables the xscreensaver role so that the > xscreensaver module is used on those systems where the > corresponding application is installed. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/roles/staff.te | 4 ++++ > policy/modules/roles/sysadm.te | 4 ++++ > policy/modules/roles/unprivuser.te | 4 ++++ > 3 files changed, 12 insertions(+) > > diff -pru a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te > --- a/policy/modules/roles/staff.te 2016-12-17 17:29:27.013224286 +0100 > +++ b/policy/modules/roles/staff.te 2016-12-19 23:49:03.273075067 +0100 > @@ -60,6 +60,10 @@ optional_policy(` > ') > > optional_policy(` > + xscreensaver_role(staff_r, staff_t) > +') > + > +optional_policy(` > xserver_role(staff_r, staff_t) > ') > > diff -pru a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te > --- a/policy/modules/roles/sysadm.te 2016-12-17 17:29:27.014224298 +0100 > +++ b/policy/modules/roles/sysadm.te 2016-12-19 23:48:30.570713001 +0100 > @@ -1199,6 +1199,10 @@ optional_policy(` > ') > > optional_policy(` > + xscreensaver_role(sysadm_r, sysadm_t) > +') > + > +optional_policy(` > xserver_role(sysadm_r, sysadm_t) > ') > > diff -pru a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te > --- a/policy/modules/roles/unprivuser.te 2016-12-17 17:29:27.014224298 +0100 > +++ b/policy/modules/roles/unprivuser.te 2016-12-19 23:47:57.260344193 +0100 > @@ -29,6 +29,10 @@ optional_policy(` > ') > > optional_policy(` > + xscreensaver_role(user_r, user_t) > +') > + > +optional_policy(` > xserver_role(user_r, user_t) > ') > Merged, though it may make sense to nest the optional inside the xserver optional. -- Chris PeBenito