From: guido@trentalancia.net (Guido Trentalancia)
Date: Sat, 31 Dec 2016 17:38:52 +0100
Subject: [refpolicy] [PATCH v5] xserver: restrict executable memory permissions
In-Reply-To: <63133c4e-ec11-517c-eae4-bd6a768a0a8b@ieee.org>
References: <1482945627.7302.8.camel@trentalancia.net> <1482954976.2738.9.camel@trentalancia.net> <1483058219.31174.0.camel@trentalancia.net> <2093778852.71948.1483135647164.JavaMail.open-xchange@popper10.register.it> <6af90cee-3558-05b2-aeed-d15f89debaa1@ieee.org> <1483200178.3041.3.camel@trentalancia.net> <63133c4e-ec11-517c-eae4-bd6a768a0a8b@ieee.org>
Message-ID: <1483202332.14835.1.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, 31/12/2016 at 11.27 -0500, Chris PeBenito wrote:
> On 12/31/16 11:02, Guido Trentalancia via refpolicy wrote:
> >
> > @@ -450,6 +459,11 @@ term_setattr_console(xdm_t)
> > ?term_use_unallocated_ttys(xdm_t)
> > ?term_setattr_unallocated_ttys(xdm_t)
> >
> > +# for xconsole
> > +term_use_ptmx(xdm_t)
> > +term_use_generic_ptys(xdm_t)
> > +term_relabel_all_ptys(xdm_t)
> > +
> > ?auth_domtrans_pam_console(xdm_t)
> > ?auth_manage_pam_pid(xdm_t)
> > ?auth_manage_pam_console_data(xdm_t)
>
> I've asked a couple times. What creates this pty? It should be
> properly labeled. Generic pty use should be avoided if possible.

Perhaps I misunderstood your question, I am sorry about that!

I think it is a bug in the patch. It shouldn't need those term
interfaces.

I am now testing an improved patch, it should be ready shortly...

Regards,

Guido
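
Review bot: In the @@ -450,6 +459,11 @@ hunk, the three interfaces added under "# for xconsole" (term_use_ptmx, term_use_generic_ptys, term_relabel_all_ptys) give xdm_t use of generic ptys and relabel rights over all ptys, while the comment does not say which process creates the pty or why it would carry a generic label. Suggest dropping these three lines unless a denial shows xdm_t actually needs them. If xconsole does need a pty, have it created with a dedicated type, grant xdm_t access to that type only, and name the creating process in the comment.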