From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 31 Dec 2016 11:27:20 -0500 Subject: [refpolicy] [PATCH v5] xserver: restrict executable memory permissions In-Reply-To: <1483200178.3041.3.camel@trentalancia.net> References: <1482945627.7302.8.camel@trentalancia.net> <1482954976.2738.9.camel@trentalancia.net> <1483058219.31174.0.camel@trentalancia.net> <2093778852.71948.1483135647164.JavaMail.open-xchange@popper10.register.it> <6af90cee-3558-05b2-aeed-d15f89debaa1@ieee.org> <1483200178.3041.3.camel@trentalancia.net> Message-ID: <63133c4e-ec11-517c-eae4-bd6a768a0a8b@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/31/16 11:02, Guido Trentalancia via refpolicy wrote: > @@ -450,6 +459,11 @@ term_setattr_console(xdm_t) > term_use_unallocated_ttys(xdm_t) > term_setattr_unallocated_ttys(xdm_t) > > +# for xconsole > +term_use_ptmx(xdm_t) > +term_use_generic_ptys(xdm_t) > +term_relabel_all_ptys(xdm_t) > + > auth_domtrans_pam_console(xdm_t) > auth_manage_pam_pid(xdm_t) > auth_manage_pam_console_data(xdm_t) I've asked a couple times. What creates this pty? It should be properly labeled. Generic pty use should be avoided if possible. -- Chris PeBenito
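Review bot: the three term_* lines added under "# for xconsole" are broader than the comment justifies: term_use_generic_ptys(xdm_t) lets xdm_t use unlabeled (generic) ptys, and term_relabel_all_ptys(xdm_t) lets it relabel every pty type, yet the comment does not say which process allocates the pty or what label it is meant to end up with. Identify the creator of the xconsole pty first, give that pty a specific type, and grant xdm_t access to that type only. If generic access really is unavoidable, drop the relabel-all rule unless a concrete relabel operation is shown to need it, and extend the comment to name the process and the source and target labels involved.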